Securityvulns - Page 194 of Securityvulns Vulnerabilities List

securityvulns•added 2011/04/19 12:0 a.m.•53 views

ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability

ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-128 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total...

10CVSS0.7AI score0.7727EPSS

securityvulns•added 2011/04/19 12:0 a.m.•69 views

ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability

ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-126 April 13, 2011 -- CVE ID: CVE-2011-1654 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense Suite ...

7.5CVSS0.8AI score0.03282EPSS

securityvulns•added 2011/04/19 12:0 a.m.•76 views

[security bulletin] HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02788734 Version: 1 HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access NOTICE: The information in this Security...

6.5CVSS0.5AI score0.00343EPSS

10CVSS0.6AI score0.7727EPSS

ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability

ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-132 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total...

5.8CVSS0.7AI score0.00847EPSS

[USN-1114-1] KDENetwork vulnerability

========================================================================== Ubuntu Security Notice USN-1114-1 April 18, 2011 kdenetwork vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

securityvulns•added 2011/04/19 12:0 a.m.•58 views

HTB22937: Path disclosure in Universal Post Manager wordpress plugin

Vulnerability ID: HTB22937 Reference: http://www.htbridge.ch/advisory/pathdisclosureinuniversalpostmanagerwordpressplugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects Artyom Chakhoyan http://www.profprojects.com/ Vulnerable Version: 1.0.9 Vendor Notification: 05 Apri...

securityvulns•added 2011/04/19 12:0 a.m.•74 views

CA20110413-01: Security Notice for CA Total Defense

-----BEGIN PGP SIGNED MESSAGE----- CA20110413-01: Security Notice for CA Total Defense Issued: April 13, 2011 CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. ...

10CVSS0.8AI score0.7727EPSS

securityvulns•added 2011/04/19 12:0 a.m.•36 views

HTB22941: CSRF (Cross-Site Request Forgery) in Dalbum

Vulnerability ID: HTB22941 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryindalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ http://www.dalbum.org/ Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk...

6.6AI score

securityvulns•added 2011/04/19 12:0 a.m.•54 views

ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability

ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-129 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...

10CVSS0.7AI score0.7727EPSS

securityvulns•added 2011/04/19 12:0 a.m.•72 views

ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-127 April 13, 2011 -- CVE ID: CVE-2011-1655 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Tota...

7.5CVSS1AI score0.0986EPSS

securityvulns•added 2011/04/19 12:0 a.m.•54 views

HTB22938: Multiple XSS in Universal Post Manager wordpress plugin

Vulnerability ID: HTB22938 Reference: http://www.htbridge.ch/advisory/multiplexssinuniversalpostmanagerwordpressplugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects Artyom Chakhoyan http://www.profprojects.com/ Vulnerable Version: 1.0.9 Vendor Notification: 05 April...

0.9AI score

securityvulns•added 2011/04/19 12:0 a.m.•43 views

HTB22942: Path disclousure in Dalbum

Vulnerability ID: HTB22942 Reference: http://www.htbridge.ch/advisory/pathdisclousureindalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ http://www.dalbum.org/ Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tec...

7AI score

securityvulns•added 2011/04/19 12:0 a.m.•39 views

HTB22931: XSS vulnerability in InTerra Blog Machine

Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 2011...

0.3AI score

securityvulns•added 2011/04/19 12:0 a.m.•36 views

HTB22940: XSS in SocialGrid wordpress plugin

Vulnerability ID: HTB22940 Reference: http://www.htbridge.ch/advisory/xssinsocialgridwordpressplugin.html Product: SocialGrid wordpress plugin Vendor: Michael Whalen http://whalesalad.com Vulnerable Version: 2.3 Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk...

0.2AI score

securityvulns•added 2011/04/19 12:0 a.m.•39 views

Уязвимости во многих темах для ExpressionEngine

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах для ExpressionEngine. Уязвимыми являются следующие темы для ExpressionEngine: Fresh News, Inspire, City Guide, Delegate, Optimize,...

6.7AI score

securityvulns•added 2011/04/19 12:0 a.m.•71 views

ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability

ZDI-11-135: Pwn2Own WebKit WBR Tag Removal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-135 April 14, 2011 -- CVE ID: CVE-2011-1344 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPointTM IP...

6.8CVSS0.3AI score0.05324EPSS

securityvulns•added 2011/04/19 12:0 a.m.•60 views

ZDI-11-136: IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability

ZDI-11-136 formerly ZDI-CAN-1022: IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-136 April 18, 2011 -- CVE ID: CVE-2011-1206 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM --...

10CVSS1.1AI score0.33754EPSS

Exploits5

10CVSS0.6AI score0.7727EPSS

ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability

ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-130 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...

securityvulns•added 2011/04/19 12:0 a.m.•65 views

[DCA-2011-0011] - Ocomon Multiple SQL Injection

DCA-2011-0011 Discussion - DcLabs Security Research Group advises about following vulnerabilityies: Software - Ocomon Vendor Product Description - The OCOMON came in March 2002 as a personal project of programmer Franque Custodio, with the initial characteristics of the registration, monitoring,...

8.4AI score

securityvulns•added 2011/04/19 12:0 a.m.•47 views

ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication On-Premise Flash File Security Patch Advisories Updated April 14, 2011 Summary: A potential cross-site scripting vulnerability has been identified in RSA...

4.3CVSS0.3AI score0.00447EPSS

HTB22934: SQL Injection in WP-StarsRateBox wordpress plugin

Vulnerability ID: HTB22934 Reference: http://www.htbridge.ch/advisory/sqlinjectioninwpstarsrateboxwordpressplugin.html Product: WP-StarsRateBox wordpress plugin Vendor: www.starsrate.com www.starsrate.com Vulnerable Version: 1.1 Vendor Notification: 05 April 2011 Vulnerability Type: SQL Injection...

0.5AI score

securityvulns•added 2011/04/19 12:0 a.m.•95 views

ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability

ZDI-11-104: Pwn2Own Webkit CSS Text Element Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-104 April 14, 2011 -- CVE ID: CVE-2011-1290 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit --...

10CVSS1.1AI score0.06098EPSS

securityvulns•added 2011/04/19 12:0 a.m.•154 views

[USN-1110-1] KDE-Libs vulnerabilities

========================================================================== Ubuntu Security Notice USN-1110-1 April 14, 2011 kde4libs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.3CVSS0.5AI score0.01407EPSS

Exploits2

securityvulns•added 2011/04/19 12:0 a.m.•66 views

HTB22932: Multiple XSS in webSPELL

Vulnerability ID: HTB22932 Reference: http://www.htbridge.ch/advisory/multiplexssinwebspell.html Product: webSPELL Vendor: http://www.webspell.org/ http://www.webspell.org/ Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Mediu...

0.2AI score

securityvulns•added 2011/04/19 12:0 a.m.•46 views

HTB22935: Multiple XSS in WP-StarsRateBox wordpress plugin

Vulnerability ID: HTB22935 Reference: http://www.htbridge.ch/advisory/multiplexssinwpstarsrateboxwordpressplugin.html Product: WP-StarsRateBox wordpress plugin Vendor: www.starsrate.com www.starsrate.com Vulnerable Version: 1.1 Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site...

0.1AI score

securityvulns•added 2011/04/19 12:0 a.m.•86 views

About the security content of Safari 5.0.5

About the security content of Safari 5.0.5 Last Modified: April 14, 2011 Article: HT4596 Email this article Print this page Summary This document describes the security content of Safari 5.0.5. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until...

10CVSS0.1AI score0.06098EPSS

securityvulns•added 2011/04/19 12:0 a.m.•43 views

HTB22939: Multiple SQL Injection in Universal Post Manager wordpress plugin

Vulnerability ID: HTB22939 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectioninuniversalpostmanagerwordpressplugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects Artyom Chakhoyan http://www.profprojects.com/ Vulnerable Version: 1.0.9 Vendor Notification: 0...

0.3AI score

securityvulns•added 2011/04/19 12:0 a.m.•65 views

ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability

ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-133 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...

10CVSS0.7AI score0.7727EPSS

securityvulns•added 2011/04/19 12:0 a.m.•73 views

ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability

ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-134 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total...

10CVSS0.8AI score0.7727EPSS

securityvulns•added 2011/04/19 12:0 a.m.•42 views

HTB22933: Multiple Path disclosure in webSPELL

Vulnerability ID: HTB22933 Reference: http://www.htbridge.ch/advisory/multiplepathdisclosureinwebspell.html Product: webSPELL Vendor: http://www.webspell.org/ http://www.webspell.org/ Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: Path disclosure Risk level: Low...

7AI score

securityvulns•added 2011/04/17 12:0 a.m.•50 views

Microsoft Internet Explorer multiple security vulnerabilities

Multiple memory corruptions and information leaks...

9.3CVSS1.8AI score0.60677EPSS

Exploits4References4Affected Software1

securityvulns•added 2011/04/17 12:0 a.m.•34 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.6AI score

Exploits0References3Affected Software2

securityvulns•added 2011/04/17 12:0 a.m.•61 views

Microsoft Office multiple security vulnerabilities

Multiple memory corruptions in Excel and PowerPoint, unsafe DLL loading, memory corruption in Office Graphic...

9.3CVSS2.8AI score0.89418EPSS

Exploits31References9

securityvulns•added 2011/04/17 12:0 a.m.•43 views

XSS, AoF и IAA уязвимости в PHP-Nuke

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Abuse of Functionality и Insufficient Anti-automation уязвимостях в PHP-Nuke. XSS WASC-08: POST запрос на странице http://site/modules.php?name=Downloads " style="-moz-binding:url'http://websecurity.com.ua/webtools/xss.xmlxss...

7AI score

securityvulns•added 2011/04/17 12:0 a.m.•66 views

VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345)

VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption CVE-2011-1345 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the Microsoft Windows li...

9.3CVSS8.3AI score0.514EPSS

securityvulns•added 2011/04/17 12:0 a.m.•262 views

The BodgeIt Store - another vulnerable web app

Hi folks, I've recently open sourced a vulnerable web app, called The BodgeIt Store: http://code.google.com/p/bodgeit/ Why? Well, you can never have too many vulnerable apps to test against, but also because I've found that many of the existing apps are non trivial to install - they either have a...

0.2AI score

securityvulns•added 2011/04/17 12:0 a.m.•75 views

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034)

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability CVE-2011-0034 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft...

9.3CVSS0.2AI score0.56688EPSS

securityvulns•added 2011/04/17 12:0 a.m.•61 views

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034)

9.3CVSS0.2AI score0.56688EPSS

securityvulns•added 2011/04/17 12:0 a.m.•86 views

VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability (CVE-2011-0094)

VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability CVE-2011-0094 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the Microsoft Windows...

9.3CVSS0.59909EPSS

securityvulns•added 2011/04/17 12:0 a.m.•56 views

VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability (CVE-2011-0105)

VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability CVE-2011-0105 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share...

9.3CVSS0.89418EPSS

Exploits10

securityvulns•added 2011/04/17 12:0 a.m.•26 views

Уязвимости во многих темах для Drupal

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах для Drupal. Уязвимыми являются следующие темы для Drupal: Fresh News, Inspire, Spectrum, Delegate, Optimize, Bueno, Headlines, Daily...

6.7AI score