Lucene search
K
SecurityvulnsRecent

47153 matches found

securityvulns
securityvulns
added 2011/03/31 12:0 a.m.72 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.019EPSS
Exploits7References15Affected Software9
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.38 views

GNOME Desktop Manager privilege escalation

root privileges are not dropped on files access...

6.9CVSS3.5AI score0.00376EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.70 views

Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability Advisory ID: cisco-sa-20110330-acs Revision 1.0 For Public Release 2011 March 30 1600 UTC GMT...

5CVSS0.9AI score0.1464EPSS
Exploits2
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.74 views

[ MDVSA-2011:055 ] openldap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:055 http://www.mandriva.com/security/ Package : openldap Date : March 30, 2011 Affected: 2009.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been identified and fixed in openldap:...

5CVSS9.5AI score0.13518EPSS
Exploits1
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.53 views

Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability Advisory ID: cisco-sa-20110330-nac Revison 1.0 For Public Release 2011 March 30 1600 UTC GMT...

5CVSS0.4AI score0.01802EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.38 views

Solaris 10 Port Stealing Vulnerability

I reported this to Oracle, but I have been told that this is part of the BSD standard and a desire feature !. In a nutshell, as an ordinary user, I can bind to a port using a specific address even if another process is already bound to it with a wildcard address. This makes it very easy for an...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.353 views

HTB22908: XSRF (CSRF) in Collabtive

Vulnerability ID: HTB22908 Reference: http://www.htbridge.ch/advisory/xsrfcsrfincollabtive.html Product: Collabtive Vendor: Open Dynamics http://collabtive.o-dyn.de/ Vulnerable Version: 0.6.5 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: CSRF Cross-Site Reques...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.37 views

BSD systems / Solaris port hijacking

User can open port with specified interface address if it's already open by another application without interface address...

2.2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.85 views

VMSA-2011-0006 VMware vmrun utility local privilege escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0006 Synopsis: VMware vmrun utility local privilege escalation Issue date: 2011-03-29 Updated on: 2011-03-29 initial release of...

6.9CVSS6.5AI score0.00384EPSS
Exploits2
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.28 views

VMware privilege escalation

It's possible to elevate privileges via shared library spoofing...

6.9CVSS3.3AI score0.00384EPSS
Exploits2References1Affected Software1
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.37 views

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path Author: alieye class : remote E-mail: [email protected] greetz: C.S.Eye Security Team members We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.62 views

HTB22904: Path disclosure in bbPress

Vulnerability ID: HTB22904 Reference: http://www.htbridge.ch/advisory/pathdisclosureinbbpress.html Product: bbPress Vendor: http://bbpress.org http://bbpress.org Vulnerable Version: 1.0.3 Vendor Notification: 15 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech Brid...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.48 views

Unidesk ReportingService Forceful Browsing Vulnerability

------------------------------------------------------------------ 1. Summary: Unidesk management appliance is prone to a forceful browsing vulnerability that allows an attacker access to administrator resources. ------------------------------------------------------------------ 2. Description: T...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.56 views

ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability

ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-113 March 28, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Zend -- Affected Products: Zend Zend Server -- TippingPointTM IPS Customer...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.59 views

SimplisCMS 1.0.3.0 Remote File Disclosure Vulnerability

Exploit Title: SimplisCMS 1.0.3.0 Remote File Disclosure Vulnerability home : http://www.D99Y.com Date: 27/3/2011 Author: NassRawI Software Link: http://modcove.com/index.php Demo : http://modcove.com/index.php?page=demo Version: 1.0.3.0 file : simpliscms/admin/index.php exploit :...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.43 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

4.3CVSS1.6AI score0.04979EPSS
Exploits1References10Affected Software9
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.30 views

HTB22905: Path disclosure in Wordpress

Vulnerability ID: HTB22905 Reference: http://www.htbridge.ch/advisory/pathdisclosureinwordpress.html Product: Wordpress Vendor: http://wordpress.org/ http://wordpress.org/ Vulnerable Version: 3.1 Vendor Notification: 15 March 2011 Vulnerability Type: Path disclosure Status: Not Fixed Risk level:...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.68 views

[SECURITY] [DSA 2204-1] imp4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2204-1 [email protected] http://www.debian.org/security/ Steffen Joeris March 27, 2011 http://www.debian.org/security/faq -...

4.3CVSS1AI score0.04979EPSS
Exploits1
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.40 views

XSS, SQL Injection и SQL DB Structure Extraction уязвимости в Cetera eCommerce

Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых Cross-Site Scripting, SQL Injection и SQL DB Structure Extraction уязвимостях в Cetera eCommerce. XSS WASC-08 также работают в версии 15.0: http://site/catalog/3Cscript3Ealertdocument.cookie3C/script3E/...

Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.55 views

SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting

Exploit Title: SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting home : http://www.D99Y.com Date: 27/3/2011 Author: NassRawI Software Link: http://modcove.com/index.php Demo : http://modcove.com/index.php?page=demo Version: 1.0.3.0 1 SQL injection http://localhost/simpliscms/admin/index.php...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.29 views

Zend Server code execution

It's possible to execute user-supplied code via Java Bridge TCP/10001 service...

4.1AI score
Exploits0References1
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.52 views

HTB22903: XSS in Spitfire CMS

Vulnerability ID: HTB22903 Reference: http://www.htbridge.ch/advisory/xssinspitfirecms.html Product: Spitfire CMS Vendor: Spitfire http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.436 Vendor Notification: 15 March 2011 Vulnerability Type: XSS Risk level: Medium Credit: High-Tech Bridge SA -...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.79 views

TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution

--------------------------------------------------------------------------- xpdf : multiple vulnerabilities in t1lib allow arbitrary remote code execution - --------------------------------------------------------------------------- - -- Vulnerability Summary: Date Published: 28/03/2011 Last...

6.8CVSS0.5AI score0.13055EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.88 views

Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

Sense of Security - Security Advisory - SOS-11-003 Release Date. 28-Mar-2011 Last Update. - Vendor Notification Date. 25-Mar-2011 Product. Wordpress Plugin BackWPup Platform. Independent Affected versions. 1.6.1 verified, possibly others Severity Rating. High Impact. System Access Attack Vector...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.34 views

HP Diagnostics crossite scripting

No description provided...

4.3CVSS1.2AI score0.01782EPSS
Exploits0References1
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.57 views

[security bulletin] HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02770512 Version: 1 HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible...

4.3CVSS0.1AI score0.01782EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.94 views

[AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities

OpenCMS = 7.5.3 multiple vulnerabilities Name: OpenCMS = 7.5.3 multiple vulnerabilities Systems Affected: OpenCMS = 7.5.3 Severity: High Vendor: http://www.opencms.org Advisory: http://antisnatchor.com/opencms7.5.3multiplevulnerabilities Author: Michele "antisnatchor" Orru michele.orru AT...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.21 views

Comodo issued fraudlent certificates

login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org "Global Trustee" certificates were issued to untrusted third party...

2.4AI score
Exploits0References1
securityvulns
securityvulns
added 2011/03/29 12:0 a.m.28 views

[SECURITY] [DSA 2203-1] nss security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2203-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 26, 2011 http://www.debian.org/security/faq -...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.29 views

Cisco VPN privileges escalation

Privilege escalation via Dial-Up Networking interface...

4.4AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.44 views

ZDI-11-111: (0Day) Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability

ZDI-11-111: 0Day Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-111 March 23, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packa...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.75 views

[SECURITY] [DSA 2202-1] apache2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2202-1 [email protected] http://www.debian.org/security/ Stefan Fritsch March 23, 2011 http://www.debian.org/security/faq -...

4.3CVSS0.8AI score0.02721EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.63 views

Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability

Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability 1. OVERVIEW The Plesk versions from 7.0 to 8.2 are vulnerable to Open URL Redirection when "Enable [email protected]" access format, a new feature introduced in Plesk 7.0, is enabled in user preferences. 2. BACKGROUND Parallels Plesk...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.49 views

HTB22900: Multiple XSS vulnerabilities in SyndeoCMS

Vulnerability ID: HTB22900 Reference: http://www.htbridge.ch/advisory/multiplexssvulnerabilitiesinsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type: XSS Cross Site Scriptin...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.31 views

HTB22902: XSS in SyndeoCMS

Vulnerability ID: HTB22902 Reference: http://www.htbridge.ch/advisory/xssinsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.54 views

HTB22899: Path disclosure in SyndeoCMS

Vulnerability ID: HTB22899 Reference: http://www.htbridge.ch/advisory/pathdisclosureinsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type: Path disclosure Risk level: Low...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.30 views

Уязвимости в Artefact St. CMS

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Brute Force и Full path disclosure уязвимостях в системе Artefact St. CMS. Это украинская коммерческая CMS. XSS WASC-08: http://site/search/?s=3Cscript3Ealertdocument.cookie3C/script3E Brute Force WASC-11: http://site/admin/...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.54 views

HTB22895: XSS vulnerability in Ripe website manager

Vulnerability ID: HTB22895 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinripewebsitemanager.html Product: Ripe website manager Vendor: Ripe website manager Team http://www.ripewebsitemanager.com/ Vulnerable Version: 1.1 and probably prior versions Vendor Notification: 10 March 2011...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.41 views

Vulnerabilities in some SCADA server softwares

The following are almost all the vulnerabilities I found for a quick experiment some months ago in certain well known server-side SCADA softwares still vulnerable in this moment. In case someone doesn't know SCADA like me before the tests: it's just one or more softwares usually a core, a graphic...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.53 views

ZDI-11-112: (0 day) Hewlett-Packard Data Protector Media Operations DBServer.exe Remote Code Execution Vulnerability

ZDI-11-112: 0 day Hewlett-Packard Data Protector Media Operations DBServer.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-112 March 23, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packa...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.41 views

ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability EMC Identifier: ESA-2011-010 CVE Identifier: CVE-2011-1420 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected...

7.2CVSS2.6AI score0.00377EPSS
Exploits1
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.32 views

SCADA service multiple security vulnerabilities

Large number of different vulnerabilities in factory sofware...

2.2AI score
Exploits0References1Affected Software4
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.44 views

CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ VLC Vulnerabilities handling .AMV and .NSV files 1. Advisory Information Title: VLC Vulnerabilities handling .AMV and .NSV files Advisory ID: CORE-2011-0208 Advisory URL:...

9.3CVSS7.5AI score0.75515EPSS
Exploits8
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.33 views

VLC media player security vulnerabilities

Buffer overflow on .AMV and .NSV parsing...

9.3CVSS5.2AI score0.75515EPSS
Exploits8References1
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.30 views

NGS00051 Patch Notification: Cisco VPN Client Privilege Escalation

High Risk Vulnerability in Cisco VPN client Windows 64 bit 25 March 2011 Gavin Jones of NGS Secure has discovered a High risk vulnerability in the Cisco VPN client Windows 64 bit. Impact: Privilege Escalation Cisco has released a patch that addresses the issue. The announcement of this patch can ...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.30 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.6AI score
Exploits0References10Affected Software3
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.24 views

HP Data Protector integer overflow

Data Protector Media Operations DBServer.exe TCP/19813integer overflow is unpatched for over 180 days...

3.9AI score
Exploits0References1
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.25 views

HP Virtual SAN Appliance buffer overflow

Buffer overflow in hydra.exe TCP/13838 authentication is unpatched for 180 days...

3.4AI score
Exploits0References1
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.37 views

Apache mpm_itk module privilege escalation

Under some conditions, request is processed with root privileged...

4.3CVSS3.5AI score0.02721EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/03/25 12:0 a.m.27 views

EMC Data Protection Advisor Collector weak security permissions

Weak permissions for executable files...

7.2CVSS2.9AI score0.00377EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities47153