
47153 matches found

securityvulns
added 2015/10/26 12:0 a.m., 89 views

[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability

------------------------------------------------------------------------------- Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability ------------------------------------------------------------------------------- - Software Link: http://magento.com/ - Affected Versions:...

AI score 0.5, EPSS 0.02665
Exploits: 4

securityvulns
added 2015/10/26 12:0 a.m., 80 views

CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7377 Pending CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N CWE: CWE-79 Description ================ An unauthenticated reflected XSS vulnerability in Pie Register...

CVSS 4.3, AI score 1, EPSS 0.05825
Exploits: 3

securityvulns
added 2015/10/26 12:0 a.m., 79 views

[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin

Vulnerability title: SQL Injection in Support Ticket System 1.2 WordPress plugin CVE: CVE-2015-7670 Vendor: Tim Dahlmanns Product: Support Ticket System Affected version: 1.2 Fixed version: 1.2.1 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...

CVSS 7.5, AI score 0.8, EPSS 0.00659
Exploits: 1

securityvulns
added 2015/10/26 12:0 a.m., 95 views

[SECURITY] [DSA 3346-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3346-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 31, 2015 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 1.5, EPSS 0.14455
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 84 views

Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin

Vulnerability title: Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin CVE: CVE-2015-7666 Vendor: WordPress DWBooster Product: Payment Form for PayPal Pro Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details:...

CVSS 4.3, AI score 0.6, EPSS 0.00587
Exploits: 2

securityvulns
added 2015/10/26 12:0 a.m., 74 views

Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting

Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Viewer" servlet itself. This is NOT the case, but...

AI score 0.2, EPSS 0.00348
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 80 views

Checkmarx CxQL Sandbox bypass (CVE-2014-8778)

Checkmarx CxQL Sandbox bypass CVE-2014-8778 Vendor: Checkmarx - www.checkmarx.com Product: CxSuite Version affected: 7.1.5 and prior Credit: Huy-Ngoc DAU @ngocdh of Deloitte Conseil, France ================================ Introduction ================================ Checkmarx is a static source...

CVSS 9, AI score 6.9, EPSS 0.00569
Exploits: 3

securityvulns
added 2015/10/26 12:0 a.m., 4627 views

NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability

Document Title: =============== NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-24 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.4
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 76 views

SiteWIX - (edit_photo2.php id) SQL Injection Exploit

!/usr/bin/env python -- coding:utf-8 -- Title : SiteWIX - editphoto2.php id SQL Injection Exploit Author : ZoRLu / [email protected] Website : milw00rm.com / milw00rm.net / milw00rm.org / milw0rm.info Twitter : https://twitter.com/milw00rm or @milw00rm Test : Windows7 Ultimate Discovery : 19/10/...

AI score 0.3
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 80 views

Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7669 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details:...

CVSS 7.5, AI score 1.2, EPSS 0.01418
Exploits: 2

securityvulns
added 2015/10/26 12:0 a.m., 92 views

TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390

Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...

CVSS 7.5, AI score 10, EPSS 0.004
Exploits: 2

securityvulns
added 2015/10/26 12:0 a.m., 67 views

Reflected Cross-Site Scripting (XSS) in iTop

Advisory ID: HTB23268 Product: iTop Vendor: Combodo SARL Vulnerable Versions: 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 without technical details Vendor Notification: July 29, 2015 Vendor Patch: July 30, 2015 Public Disclosure: September 23, 2015...

CVSS 4.3, AI score 6.8, EPSS 0.27671
Exploits: 3

securityvulns
added 2015/10/26 12:0 a.m., 126 views

CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection

Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 = version 6.30.0 Affected JIRA product versions: 6.3.5 = version 6.4.11...

CVSS 6.5, AI score 0.4, EPSS 0.8253
Exploits: 7

securityvulns
added 2015/10/26 12:0 a.m., 58 views

Cross-Site Request Forgery in Cerb

Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patch: August 14, 2015 Public Disclosure: September 2, 201...

CVSS 6.8, AI score 0.2, EPSS 0.05095
Exploits: 5

securityvulns
added 2015/10/26 12:0 a.m., 61 views

Apache James Server 2.3.2 security vulnerability fixed

Severity: Important Vendor: The Apache Software Foundation Versions Affected: James Server 2.3.2 Description: Apache James Server 2.3.2 has security issue that can let a user execute arbitrary system command for servers configured with file based user repositories. Mitigation: 2.3.2 users should...

AI score 1.4
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 85 views

Openfire 3.10.2 CSRF Vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt Vendor: ================================ www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product: ================================...

AI score 6.9
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 106 views

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584

Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...

CVSS 4.3, AI score 7, EPSS 0.00238
Exploits: 2

securityvulns
added 2015/10/26 12:0 a.m., 73 views

Reflected Cross-Site Scripting (XSS) in SourceBans

Advisory ID: HTB23273 Product: SourceBans Vendor: Sourcebans team Vulnerable Versions: 1.4.11 and probably prior Tested Version: 1.4.11 Advisory Publication: October 2, 2015 without technical details Vendor Notification: October 2, 2015 Public Disclosure: October 23, 2015 Vulnerability Type:...

AI score 7.1
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 95 views

CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution

Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/Hw7RLg . CVE ID: CVE-2015-6576 Product: Bamboo. Affected Bamboo product versions: 2.2 = version 5.8.5 5.9.0 = version 5.9.7 Summary: This advisory discloses a critical severity security vulnerability tha...

CVSS 6.5, AI score 2.3, EPSS 0.02273
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 75 views

[CVE-2015-3623] Qlikview blind XXE Security Vulnerability

Exploit Title: Qlikview blind XXE security vulnerability Product: Qlikview Vulnerable Versions: v11.20 SR11 and previous versions Tested Version: v11.20 SR4 Advisory Publication: 08/09/2015 Latest Update: 08/09/2015 Vulnerability Type: Improper Restriction of XML External Entity Reference CWE-611...

CVSS 6.4, AI score 6.7, EPSS 0.07417
Exploits: 5

securityvulns
added 2015/10/26 12:0 a.m., 79 views

CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin

Vulnerability title: SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7319 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Ibéria Medeiros Vulnerability Details: ===================== It...

CVSS 7.5, AI score 1.9, EPSS 0.00417
Exploits: 1

securityvulns
added 2015/10/26 12:0 a.m., 66 views

[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04863612 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04863612 Version: 1 HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of...

CVSS 5, AI score 0.2, EPSS 0.06922
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 247 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 9, AI score 1.6, EPSS 0.8253
Exploits: 84, References: 50, Affected Software: 34

securityvulns
added 2015/10/26 12:0 a.m., 73 views

A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7668 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no protection...

CVSS 4.3, AI score 1.6, EPSS 0.00207
Exploits: 2

securityvulns
added 2015/10/25 12:0 a.m., 55 views

Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability

Document Title: =============== Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1597 Release Date: ============= 2015-09-21 Vulnerability Laboratory ID VL-ID:...

Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 60 views

WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability

Document Title: =============== WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1595 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID VL-ID:...

AI score 7.4
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 69 views

AoF and CSRF vulnerabilities in D-Link DCS-2103

Hello 3APA3A! There are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DCS-2103 IP camera. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.20. All previous versions also must be...

AI score 0.2
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 114 views

APPLE-SA-2015-10-21-8 OS X Server 5.0.15

APPLE-SA-2015-10-21-8 OS X Server 5.0.15 OS X Server 5.0.15 is now available and addresses the following: BIND Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later Impact: Multiple vulnerabilities in BIND Description: Multiple vulnerabilities existed in BIND versions prior to...

CVSS 7.8, AI score 0.1, EPSS 0.65919
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 80 views

APPLE-SA-2015-10-21-5 iTunes 12.3.1

APPLE-SA-2015-10-21-5 iTunes 12.3.1 iTunes 12.3.1 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution...

CVSS 7.5, AI score 0.7, EPSS 0.02129
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 97 views

APPLE-SA-2015-10-21-1 iOS 9.1

APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A...

CVSS 10, AI score 0.5, EPSS 0.11581
Exploits: 2

securityvulns
added 2015/10/25 12:0 a.m., 71 views

[USN-2767-1] GDK-PixBuf vulnerabilities

========================================================================== Ubuntu Security Notice USN-2767-1 October 13, 2015 gdk-pixbuf vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

CVSS 6.8, AI score 0.5, EPSS 0.02374
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 45 views

Different iOS / Android applications vulnerabilities

Information leaks, code execution, protection bypass, etc...

CVSS 4.3, AI score 3.8, EPSS 0.01009
Exploits: 1, References: 33, Affected Software: 25

securityvulns
added 2015/10/25 12:0 a.m., 90 views

Google Chrome / Chromium / Oxide multiple security vulnerabilities

Restrictions bypass, memory corruptions, information disclosure...

CVSS 7.5, AI score 1.8, EPSS 0.09224
Exploits: 4, References: 1, Affected Software: 1

securityvulns
added 2015/10/25 12:0 a.m., 96 views

[SECURITY] [DSA 3376-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3376-1 [email protected] https://www.debian.org/security/ Michael Gilbert October 20, 2015 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 0.7, EPSS 0.09224
Exploits: 4

securityvulns
added 2015/10/25 12:0 a.m., 51 views

KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Title: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-004 Publication Date: 2015.09.01 Publication URL:...

AI score 0.2, EPSS 0.00134
Exploits: 4

securityvulns
added 2015/10/25 12:0 a.m., 67 views

APPLE-SA-2015-10-21-7 Xcode 7.1

APPLE-SA-2015-10-21-7 Xcode 7.1 Xcode 7.1 is now available and addresses the following: Swift Available for: OS X Yosemite v10.10.5 or later Impact: Swift programs performing certain type conversions may receive unexpected values Description: A type conversion issue existed that could lead to...

CVSS 7.5, AI score 6, EPSS 0.00396
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 60 views

Microsoft Office multiple security vulnerabilities

Multiple memory corruptions...

CVSS 9.3, AI score 2.2, EPSS 0.43025
Exploits: 0, Affected Software: 2

securityvulns
added 2015/10/25 12:0 a.m., 89 views

Apple Safari / Webkit multiple security vulnerabilities

Information spoofing, information disclosure, restriction bypass, race conditions, memory corruptions...

CVSS 10, AI score 1.6, EPSS 0.01655
Exploits: 0, References: 3, Affected Software: 1

securityvulns
added 2015/10/25 12:0 a.m., 98 views

Apple iTunes multiple security vulnerabilities

Multiple memory corruptions, DLL injections, multiple WebKit vulnerabilities, information disclosure...

CVSS 9.3, AI score 1.4, EPSS 0.37921
Exploits: 5, References: 2, Affected Software: 1

securityvulns
added 2015/10/25 12:0 a.m., 58 views

owncloud client server spoofing

Server certificate spoofing is possible...

CVSS 2.6, AI score 2.4, EPSS 0.00161
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/10/25 12:0 a.m., 89 views

UDID v1.0 iOS - Persistent Mail Encode Vulnerability

Document Title: =============== UDID v1.0 iOS - Persistent Mail Encode Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1590 Release Date: ============= 2015-09-22 Vulnerability Laboratory ID VL-ID: ==================================== 1590...

AI score 0.5
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 83 views

APPLE-SA-2015-10-21-3 Safari 9.0.1

APPLE-SA-2015-10-21-3 Safari 9.0.1 Safari 9.0.1 is now available and addresses the following: WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple...

CVSS 6.8, AI score 0.6, EPSS 0.01655
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 77 views

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a...

CVSS 6.8, AI score 0.8, EPSS 0.02085
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 56 views

KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Multiple Privilege Escalation Advisory ID: KL-001-2015-003 Publication Date: 2015.09.01 Publication URL:...

CVSS 7.2, AI score 7.1, EPSS 0.00608
Exploits: 5

securityvulns
added 2015/10/25 12:0 a.m., 100 views

Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities

Document Title: =============== Zhone ADSL2+ 4P Bridge & Router Broadcom - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1591 Download: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2R030220AnnexA.zip Release Date:...

AI score 0.7
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 64 views

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access

ERPSCAN Research Advisory ERPSCAN-15-017 SAP NetWeaver J2EE DAS service - Unauthorized Access Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA, probably others Vendor URL: http://SAP.com Bugs: Unauthorized access Sent: 20.04.2013 Reported: 21.04.2013 Vendor response: 21.04.2013...

AI score 0.3
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 59 views

Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability

Document Title: =============== Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-28 Vulnerability Laboratory ID VL-ID:...

Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m., 62 views

Fortinet FortiClient multiple security vulnerabilities

Multiple privilege escalations...

CVSS 7.2, AI score 2.4, EPSS 0.02547
Exploits: 5, References: 1, Affected Software: 1

securityvulns
added 2015/10/25 12:0 a.m., 153 views

MiniUPnP library buffer overflow

Buffer overflow on network request processing...

CVSS 6.8, AI score 3.8, EPSS 0.03228
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2015/10/25 12:0 a.m., 132 views

[USN-2769-1] Apache Commons HttpClient

========================================================================== Ubuntu Security Notice USN-2769-1 October 14, 2015 commons-httpclient vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

CVSS 5.8, AI score 0.7, EPSS 0.01368
Exploits: 1

Total number of security vulnerabilities: 47153