
47153 matches found

securityvulns
added 2015/10/26 12:0 a.m., 121 views

[ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution

Hi, Yet another RCE bug in ManageEngine ServiceDesk. This was disclosed by ZDI under ID ZDI-15-396 on August 20th, and fixed in version 9103 1. Details below, full advisory can be obtained from my repo at E2. A Metasploit module that exploits this vulnerability has been submitted upstream in E3...

0.1 AI score
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m., 66 views

HP ArcSight Logger security vulnerabilities

Authentication bypass, information disclosure...

5 CVSS, 1 AI score, 0.04439 EPSS
Exploits 0, References 2, Affected Software 1

securityvulns
added 2015/10/26 12:0 a.m., 111 views

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584

Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...

4.3 CVSS, 7 AI score, 0.02679 EPSS
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m., 87 views

CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin

Vulnerability title: SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7319 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Ibéria Medeiros Vulnerability Details: ===================== It...

7.5 CVSS, 1.9 AI score, 0.02433 EPSS
Exploits 1

securityvulns
added 2015/10/26 12:0 a.m., 125 views

Jenkins 1.626 - Cross Site Request Forgery / Code Execution

Title: Jenkins 1.626 - Cross Site Request Forgery / Code Execution Date: 27.08.15 Affected versions: = 1.626 current Vendor: jenkins-ci.org Contact: smash at devilteam.pl Cross site request forgery vulnerability in Jenkins 1.626 allows remote attackers to hijack the authentication of users for mo...

8.1 AI score
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m., 88 views

TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391

Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : Cross-site Scripting Severity : Important Status :...

4.3 CVSS, 7 AI score, 0.00757 EPSS
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m., 64 views

Cross-Site Request Forgery in Cerb

Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patch: August 14, 2015 Public Disclosure: September 2, 201...

6.8 CVSS, 0.2 AI score, 0.02617 EPSS
Exploits 5

securityvulns
added 2015/10/26 12:0 a.m., 83 views

[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin

Vulnerability title: SQL Injection in Support Ticket System 1.2 WordPress plugin CVE: CVE-2015-7670 Vendor: Tim Dahlmanns Product: Support Ticket System Affected version: 1.2 Fixed version: 1.2.1 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...

7.5 CVSS, 0.8 AI score, 0.03117 EPSS
Exploits 1

securityvulns
added 2015/10/26 12:0 a.m., 249 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

9 CVSS, 1.6 AI score, 0.59312 EPSS
Exploits 84, References 50, Affected Software 34

securityvulns
added 2015/10/26 12:0 a.m., 92 views

Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected ema...

7.5 CVSS, 4.3 AI score, 0.03371 EPSS
Exploits 1

securityvulns
added 2015/10/26 12:0 a.m., 86 views

Boolean-based SQL injection Vulnerability in K2 Platforms

Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoint Version: 4.6.7 Tested Version: Version 4.6.7 Severity: HIGH CVE Reference: CVE-2015-7299 About the Product: K2 smartforms ca...

7.5 CVSS, 7.3 AI score, 0.02297 EPSS
Exploits 3

securityvulns
added 2015/10/26 12:0 a.m., 80 views

A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7668 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no protection...

4.3 CVSS, 1.6 AI score, 0.02066 EPSS
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m., 75 views

Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected ema...

7.5 CVSS, 4.3 AI score, 0.03371 EPSS
Exploits 1

securityvulns
added 2015/10/26 12:0 a.m., 89 views

[SECURITY] [DSA 3369-1] zendframework security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3369-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini October 06, 2015 https://www.debian.org/security/faq -...

7.2 CVSS, 2 AI score, 0.00384 EPSS
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m., 99 views

[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability

------------------------------------------------------------------------------- Magento = 1.9.2 catalogProductCreate Autoloaded File Inclusion Vulnerability ------------------------------------------------------------------------------- - Software Link: http://magento.com/ - Affected Versions:...

0.5 AI score, 0.0737 EPSS
Exploits 4

securityvulns
added 2015/10/26 12:0 a.m., 91 views

Checkmarx CxQL Sandbox bypass (CVE-2014-8778)

Checkmarx CxQL Sandbox bypass CVE-2014-8778 Vendor: Checkmarx - www.checkmarx.com Product: CxSuite Version affected: 7.1.5 and prior Credit: Huy-Ngoc DAU @ngocdh of Deloitte Conseil, France ================================ Introduction ================================ Checkmarx is a static source...

9 CVSS, 6.9 AI score, 0.03317 EPSS
Exploits 3

securityvulns
added 2015/10/26 12:0 a.m., 100 views

CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution

Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/Hw7RLg . CVE ID: CVE-2015-6576 Product: Bamboo. Affected Bamboo product versions: 2.2 = version 5.8.5 5.9.0 = version 5.9.7 Summary: This advisory discloses a critical severity security vulnerability tha...

6.5 CVSS, 2.3 AI score, 0.03618 EPSS
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m., 87 views

Openfire 3.10.2 CSRF Vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt Vendor: ================================ www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product: ================================...

6.9 AI score
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m., 108 views

CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 Pending CVSS: 3.5 Low; AV:N/AC:M/Au:S/C:P/I:N/A:N CWE: CWE-89 Description ================ Two blind SQL injection vulnerabilities in Pie Register 2.0.18 allow...

6.5 CVSS, 1 AI score, 0.01383 EPSS
Exploits 3

securityvulns
added 2015/10/26 12:0 a.m., 103 views

[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2015-001 ========================================================================...

7.5 CVSS, 6.2 AI score, 0.0325 EPSS
Exploits 1

securityvulns
added 2015/10/26 12:0 a.m., 95 views

SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory 20151022-0 ======================================================================= title: Multiple critical vulnerabilities product: Lime Survey vulnerable version: 2.05 up to 2.06+ Build 151014 fixed version: 2.06+ Build 151016 CVE number: impact:...

0.7 AI score
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m., 84 views

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine

Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...

7.5 CVSS, 0.3 AI score, 0.07505 EPSS
Exploits 5

securityvulns
added 2015/10/26 12:0 a.m., 93 views

Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin

Vulnerability title: Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin CVE: CVE-2015-7666 Vendor: WordPress DWBooster Product: Payment Form for PayPal Pro Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details:...

4.3 CVSS, 0.6 AI score, 0.01776 EPSS
Exploits 2

securityvulns
added 2015/10/26 12:0 a.m., 121 views

Dogma India dogmaindia CMS - Auth Bypass Vulnerability

Document Title: =============== Dogma India dogmaindia CMS - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1583 Release Date: ============= 2015-08-25 Vulnerability Laboratory ID VL-ID: ==================================== 158...

0.7 AI score
Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 85 views

APPLE-SA-2015-10-21-7 Xcode 7.1

APPLE-SA-2015-10-21-7 Xcode 7.1 Xcode 7.1 is now available and addresses the following: Swift Available for: OS X Yosemite v10.10.5 or later Impact: Swift programs performing certain type conversions may receive unexpected values Description: A type conversion issue existed that could lead to...

7.5 CVSS, 6 AI score, 0.01619 EPSS
Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 456 views

Apple Xcode multiple security vulnerabilities

Restrictions bypass, weak encryption, information disclosure, multiple svn vulnerabilities...

7.5 CVSS, 1.6 AI score, 0.99999 EPSS
Exploits 7, References 2, Affected Software 1

securityvulns
added 2015/10/25 12:0 a.m., 118 views

APPLE-SA-2015-10-21-1 iOS 9.1

APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A...

10 CVSS, 0.5 AI score, 0.067 EPSS
Exploits 2

securityvulns
added 2015/10/25 12:0 a.m., 58 views

ZTE Callisto 821+ ADSL router security vulnerabilities

Cross-site scripting, cross-site request forgery...

1.7 AI score
Exploits 0, References 26

securityvulns
added 2015/10/25 12:0 a.m., 39 views

SiS / XGI display managers privilege escalation

IOCTL privilege escalation...

4 AI score
Exploits 0, References 2

securityvulns
added 2015/10/25 12:0 a.m., 48 views

Different iOS / Android applications vulnerabilities

Information leaks, code execution, protection bypass, etc...

4.3 CVSS, 3.8 AI score, 0.05911 EPSS
Exploits 1, References 33, Affected Software 25

securityvulns
added 2015/10/25 12:0 a.m., 57 views

Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability

Document Title: =============== Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1597 Release Date: ============= 2015-09-21 Vulnerability Laboratory ID VL-ID:...

Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 44 views

D-Link DCS-2103 security vulnerabilities

Directory traversal, information leakage, XSS, CSRF...

2.9 AI score
Exploits 0, References 4

securityvulns
added 2015/10/25 12:0 a.m., 63 views

Microsoft Office multiple security vulnerabilities

Multiple memory corruptions...

9.3 CVSS, 2.2 AI score, 0.23007 EPSS
Exploits 0, Affected Software 2

securityvulns
added 2015/10/25 12:0 a.m., 99 views

[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities

Advisory Information Title: FortiClient Antivirus Multiple Vulnerabilities Advisory ID: CORE-2015-0013 Advisory URL: http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities Date published: 2015-09-01 Date of last update: 2015-09-01 Vendors contacted: Fortinet...

7.2 CVSS, 6.6 AI score, 0.02029 EPSS
Exploits 5

securityvulns
added 2015/10/25 12:0 a.m., 138 views

[USN-2769-1] Apache Commons HttpClient

========================================================================== Ubuntu Security Notice USN-2769-1 October 14, 2015 commons-httpclient vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

5.8 CVSS, 0.7 AI score, 0.19312 EPSS
Exploits 1

securityvulns
added 2015/10/25 12:0 a.m., 96 views

APPLE-SA-2015-10-21-2 watchOS 2.0.1

APPLE-SA-2015-10-21-2 watchOS 2.0.1 watchOS 2.0.1 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Some cards may allow a terminal to retrieve limited recent transaction information when maki...

9.3 CVSS, 0.7 AI score, 0.067 EPSS
Exploits 1

securityvulns
added 2015/10/25 12:0 a.m., 51 views

SAP NetWeaver security vulnerabilities

Unauthorized access, XXE...

7.5 CVSS, 3.8 AI score, 0.12426 EPSS
Exploits 4, References 2, Affected Software 1

securityvulns
added 2015/10/25 12:0 a.m., 86 views

[SECURITY] [DSA 3373-1] owncloud security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3373-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2015 https://www.debian.org/security/faq...

10 CVSS, 3.2 AI score, 0.2482 EPSS
Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 103 views

Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities

Document Title: =============== Zhone ADSL2+ 4P Bridge & Router Broadcom - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1591 Download: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2R030220AnnexA.zip Release Date:...

0.7 AI score
Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 74 views

Cisco ASA multiple security vulnerabilities

Multiple DoS conditions...

7.8 CVSS, 1.9 AI score, 0.02774 EPSS
Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 101 views

UDID v1.0 iOS - Persistent Mail Encode Vulnerability

Document Title: =============== UDID v1.0 iOS - Persistent Mail Encode Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1590 Release Date: ============= 2015-09-22 Vulnerability Laboratory ID VL-ID: ==================================== 1590...

0.5 AI score
Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 73 views

Multiple Remote Code Execution found in ZHONE

Vantage Point Security Advisory 2015-003 ======================================== Title: Multiple Remote Code Execution found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models Versions affected:...

Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 87 views

Multiple Vulnerabilities found in ZHONE

Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models Versions affected: S3.0.501...

9 CVSS, 0.1 AI score, 0.53364 EPSS
Exploits 6

securityvulns
added 2015/10/25 12:0 a.m., 75 views

AoF and CSRF vulnerabilities in D-Link DCS-2103

Hello 3APA3A! There are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DCS-2103 IP camera. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.20. All previous versions also must be...

0.2 AI score
Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 134 views

APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007

APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address the following: Accelerate Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiti...

10 CVSS, 0.9 AI score, 0.94859 EPSS
Exploits 57

securityvulns
added 2015/10/25 12:0 a.m., 92 views

owncloud multiple security vulnerabilities

Code execution, authentication bypass, information disclosure, cross-site scripting, DoS...

10 CVSS, 2.1 AI score, 0.2482 EPSS
Exploits 0, References 1, Affected Software 1

securityvulns
added 2015/10/25 12:0 a.m., 65 views

My.WiFi USB Drive v1.0 iOS - File Include Vulnerability

Document Title: =============== My.WiFi USB Drive v1.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1589 Release Date: ============= 2015-09-24 Vulnerability Laboratory ID VL-ID: ==================================== 15...

8 AI score
Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 89 views

Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android

CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Cordova Android File Transfer Plugin 1.2.1 and below Description: Android applications built with the Cordova framework...

4.3 CVSS, 0.8 AI score, 0.0343 EPSS
Exploits 0

securityvulns
added 2015/10/25 12:0 a.m., 37 views

ASUS RT-G32 security vulnerabilities

XSS, CSRF...

2.5 AI score
Exploits 0, References 1

securityvulns
added 2015/10/25 12:0 a.m., 68 views

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access

ERPSCAN Research Advisory ERPSCAN-15-017 SAP NetWeaver J2EE DAS service - Unauthorized Access Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA, probably others Vendor URL: http://SAP.com Bugs: Unauthorized access Sent: 20.04.2013 Reported: 21.04.2013 Vendor response: 21.04.2013...

0.3 AI score
Exploits 0

Total number of security vulnerabilities: 47153