
47153 matches found

securityvulns
added 2011/03/23 12:00 a.m., 39 views

PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability

PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower versions are vulnerable to Cross Site Request Forgery (CSRF) because its Anti-CSRF mechanism (Referer Check) is found to be broken. 2. BACKGROUND PHP-Nuke is a Web Portal...

AI score: 0.3
Exploits: 0
securityvulns
added 2011/03/23 12:00 a.m., 66 views

PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability

PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability 1. OVERVIEW The administration backend of PHP-Nuke 8.x is vulnerable to Blind SQL Injection. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and...

AI score: 7.9
Exploits: 0
securityvulns
added 2011/03/23 12:00 a.m., 31 views

NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration

Summary: Name: Cisco IPSec VPN Implementation Group Name Enumeration Release Date: 22 March 2011 Reference: NGS00014 Discoverer: Gavin Jones Vendor: Cisco Vendor Reference: CSCei51783, CSCtj96108 Systems Affected: ASA 5500 Series Adaptive Security Appliances; Cisco PIX 500 Series...

AI score: 6.7
Exploits: 0
securityvulns
added 2011/03/23 12:00 a.m., 255 views

NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability

NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability...

CVSS: 6.8, AI score: 6.7, EPSS: 0.02937
Exploits: 3
securityvulns
added 2011/03/23 12:00 a.m., 30 views

NGS00016 Technical Advisory: Immunity Debugger Buffer Overflow

Summary: Name: Immunity Debugger Buffer Overflow Release Date: 22 March 2011 Reference: NGS00016 Discoverer: Paul Harrington Vendor: Immunity Inc Vendor Reference: Support 3171 Systems Affected: Windows Risk: Low Status: Fixed TimeLine: Discovered: 28 October 2010...

AI score: 7.8
Exploits: 0
securityvulns
added 2011/03/23 12:00 a.m., 68 views

[USN-1089-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-1089-1, March 18, 2011: linux, linux-ec2 vulnerabilities. CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4175, CVE-2010-4242...

CVSS: 4.9, EPSS: 0.0104
Exploits: 12
securityvulns
added 2011/03/23 12:00 a.m., 91 views

About the security content of Mac OS X v10.6.7 and Security Update 2011-001

About the security content of Mac OS X v10.6.7 and Security Update 2011-001. Last Modified: March 21, 2011. Article: HT4581. Summary: This document describes the security content of Mac OS X v10.6.7 and Security Update 2011-001, which can be downloaded and installed...

CVSS: 10, AI score: 0.2, EPSS: 0.2187
Exploits: 34
securityvulns
added 2011/03/23 12:00 a.m., 110 views

Apple Mac OS X multiple security vulnerabilities

Multiple DoS conditions, format string vulnerability in AppleScript, memory corruption when parsing different file formats, information leakage, privilege escalation...

CVSS: 10, AI score: 2.9, EPSS: 0.2187
Exploits: 36, References: 7, Affected Software: 1
securityvulns
added 2011/03/21 12:00 a.m., 21 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score: 1.6
Exploits: 0, References: 5, Affected Software: 5
securityvulns
added 2011/03/21 12:00 a.m., 89 views

libzip library / PHP DoS

NULL pointer dereference in _zip_name_locate...

CVSS: 4.3, AI score: 1.8, EPSS: 0.13514
Exploits: 7, References: 1, Affected Software: 2
securityvulns
added 2011/03/21 12:00 a.m., 37 views

XSS vulnerability in Web Poll Pro

Product: Web Poll Pro Vendor: http://www.got.my Vulnerable Version: 1.0.3 and probably prior versions Vulnerability Type: Stored XSS (Cross Site Scripting) Risk level: Medium Credit: Hector.x90 Vulnerability Details: A user can execute arbitrary JavaScript code within the vulnerable application. The...

AI score: 0.7
Exploits: 0
securityvulns
added 2011/03/21 12:00 a.m., 45 views

Douran Portal File Download/Source Code Disclosure Vulnerability

Title: Douran Portal File Download/Source Code Disclosure Vulnerability Date of Publishing: 16 March 2010 Application Name: Douran Portal Version: 3.9.7.8 Impact: Medium Vendor: www.douran.com Link: http://douran.com/HomePage.aspx?TabID=4862 Vendor Responses: They didn't respond to the emails...

AI score: 0.1
Exploits: 0
securityvulns
added 2011/03/21 12:00 a.m., 47 views

XOOPS 2.5.0 <= Cross Site Scripting Vulnerability

XOOPS 2.5.0 <= Cross Site Scripting Vulnerability 1. OVERVIEW XOOPS 2.5.0 and lower versions were vulnerable to Cross Site Scripting. 2. BACKGROUND XOOPS is an acronym of eXtensible Object Oriented Portal System. It's the #1 Content Management System (CMS) project on www.sourceforge.net and a...

AI score: 0.3
Exploits: 0
securityvulns
added 2011/03/21 12:00 a.m., 228 views

libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)

libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CERT: VU#325039 Affected Software: - libzip 0.9.3 - PHP 5.3.5 (fixed in 5.3.6) Original URL:...

CVSS: 4.3, AI score: 0.4, EPSS: 0.13514
Exploits: 7
securityvulns
added 2011/03/21 12:00 a.m., 53 views

LFI, IAA, XSS and FPD vulnerabilities in W-Agora

Hello 3APA3A! I am reporting the Local File Inclusion, Insufficient Anti-automation, Cross-Site Scripting and Full path disclosure vulnerabilities I found in W-Agora. Local File Inclusion (WASC-31): http://site/register.php?bn=1 in the conf folder; http://site/register.php?bn=..1 in any folder - only ...

Exploits: 0
securityvulns
added 2011/03/21 12:00 a.m., 41 views

Tugux CMS (nid) BLIND sql injection vulnerability

Tugux CMS (nid) BLIND sql injection vulnerability Software: Tugux CMS Vendor: www.tugux.com Vuln Type: Blind SQL Injection Download link:...

AI score: 1
Exploits: 0
securityvulns
added 2011/03/17 12:00 a.m., 34 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score: 1.6
Exploits: 0, References: 6, Affected Software: 3
securityvulns
added 2011/03/17 12:00 a.m., 36 views

SAP Crystal Reports Server cross-site scripting

Multiple cross-site scripting vulnerabilities...

AI score: 1.5
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2011/03/17 12:00 a.m., 27 views

SAP GUI DLL hijacking

DLL hijacking by placing .sap files in a network folder...

AI score: 1.4
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2011/03/17 12:00 a.m., 31 views

RSA Access Manager Server unauthorized access

No description provided...

CVSS: 7.5, AI score: 4.6, EPSS: 0.01661
Exploits: 1, References: 1, Affected Software: 1
securityvulns
added 2011/03/17 12:00 a.m., 31 views

EMC Avamar security vulnerabilities

Information leakage, privilege escalation...

CVSS: 8.5, AI score: 3.1, EPSS: 0.02518
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2011/03/17 12:00 a.m., 55 views

HTB22892: Path disclosure in Smen Social Button wordpress plugin

Vulnerability ID: HTB22892 Reference: http://www.htbridge.ch/advisory/pathdisclosureinsmensocialbuttonwordpressplugin.html Product: Smen Social Button wordpress plugin Vendor: Alexandru Dumencu http://smen.ro/ Vulnerable Version: 0.7 Vendor Notification: 03 March 2011 Vulnerability Type: Path...

AI score: 7
Exploits: 0
securityvulns
added 2011/03/17 12:00 a.m., 60 views

HTB22893: XSS in Sodahead Polls wordpress plugin

Vulnerability ID: HTB22893 Reference: http://www.htbridge.ch/advisory/xssinsodaheadpollswordpressplugin.html Product: Sodahead Polls wordpress plugin Vendor: SodaHead.com Vulnerable Version: 2.0.2 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross Site Scripting) Risk...

AI score: 0.2
Exploits: 0
securityvulns
added 2011/03/17 12:00 a.m., 64 views

ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server

ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA® Access Manager Server. Summary: RSA Access Manager Server contains a potential vulnerability that could be exploited by malicious people to...

CVSS: 7.5, AI score: 0.6, EPSS: 0.01661
Exploits: 1
securityvulns
added 2011/03/17 12:00 a.m., 40 views

HTB22891: XSS in Rating-Widget wordpress plugin

Vulnerability ID: HTB22891 Reference: http://www.htbridge.ch/advisory/xssinratingwidgetwordpressplugin2.html Product: Rating-Widget wordpress plugin Vendor: Vova Feldman http://rating-widget.com/ Vulnerable Version: 1.3.1 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross Site...

AI score: 0.2
Exploits: 0
securityvulns
added 2011/03/17 12:00 a.m., 66 views

[DSECRG-11-014] SAP GUI (sapgui) - DLL hijacking

DSECRG-11-014 SAP GUI (sapgui) - DLL hijacking. SAP Front End applications (SAPGui.exe) are vulnerable to DLL hijacking attacks, which makes remote code execution possible. Digital Security Research Group (DSecRG) Advisory DSecRG-11-014 Internal: DSecRG-00183 Application: SAP GUI Versions Affected: 6.4 -...

AI score: 0.2
Exploits: 0
securityvulns
added 2011/03/17 12:00 a.m., 86 views

HTB22890: XSS in Rating-Widget wordpress plugin

Vulnerability ID: HTB22890 Reference: http://www.htbridge.ch/advisory/xssinratingwidgetwordpressplugin1.html Product: Rating-Widget wordpress plugin Vendor: Vova Feldman http://rating-widget.com/ Vulnerable Version: 1.3.1 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross Site...

AI score: 0.9
Exploits: 0
securityvulns
added 2011/03/17 12:00 a.m., 77 views

HTB22889: XSS in Rating-Widget wordpress plugin

Vulnerability ID: HTB22889 Reference: http://www.htbridge.ch/advisory/xssinratingwidgetwordpressplugin.html Product: Rating-Widget wordpress plugin Vendor: Vova Feldman http://rating-widget.com/ Vulnerable Version: 1.3.1 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross Site...

AI score: 0.2
Exploits: 0
securityvulns
added 2011/03/17 12:00 a.m., 70 views

[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS

DSECRG-11-011 SAP Crystal Reports 2008 - Multiple XSS. SAP Crystal Report Server 2008 - multiple cross-site scripting vulnerabilities. DSecRG-11-011 Internal: DSECRG-00147 Multiple XSS vulnerabilities found in the modul...

AI score: 5.9
Exploits: 0
securityvulns
added 2011/03/17 12:00 a.m., 48 views

HTB22894: XSS in Sodahead Polls wordpress plugin

Vulnerability ID: HTB22894 Reference: http://www.htbridge.ch/advisory/xssinsodaheadpollswordpressplugin1.html Product: Sodahead Polls wordpress plugin Vendor: SodaHead.com Vulnerable Version: 2.0.2 Vendor Notification: 03 March 2011 Vulnerability Type: XSS (Cross Site Scripting) Status...

AI score: 0.4
Exploits: 0
securityvulns
added 2011/03/17 12:00 a.m., 66 views

ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability

ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability. EMC Identifier: ESA-2011-007 CVE Identifier: CVE-2011-0442 Severity Rating: CVSS v2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C) Affected products: EMC Avamar 5.0.0-407 and later b...

CVSS: 3.5, AI score: 1, EPSS: 0.01061
Exploits: 0
securityvulns
added 2011/03/16 12:00 a.m., 33 views

nostromo nhttpd directory traversal

Directory traversal including code execution via CGI with escaped URI...

CVSS: 7.5, AI score: 4.3, EPSS: 0.03664
Exploits: 4, References: 1, Affected Software: 1
securityvulns
added 2011/03/16 12:00 a.m., 58 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score: 1.6
Exploits: 0, References: 21, Affected Software: 7
securityvulns
added 2011/03/16 12:00 a.m., 38 views

[DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS

DSECRG-11-013 SAP NetWeaver Runtime - multiple XSS. SAP NetWeaver Integration Directory has a linked XSS vulnerability. Digital Security Research Group (DSecRG) Advisory DSecRG-11-013 Internal: DSecRG-00163 Application: SAP NetWeaver Runtime Versions Affected: SAP NetWeaver Runtime Vendor URL:...

AI score: 5.9
Exploits: 0
securityvulns
added 2011/03/16 12:00 a.m., 77 views

[SECURITY] [DSA 2192-1] chromium-browser security update

Debian Security Advisory DSA-2192-1 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano March 15, 2011 http://www.debian.org/security/faq...

CVSS: 10, AI score: 4.6, EPSS: 0.09754
Exploits: 1
securityvulns
added 2011/03/16 12:00 a.m., 188 views

[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution

Advisory: nostromo nhttpd directory traversal leading to arbitrary command execution. During a penetration test, RedTeam Pentesting discovered a directory traversal vulnerability leading to arbitrary command execution in the nostromo HTTP server. Details: Product: nostromo nhttpd Affected...

CVSS: 7.5, AI score: 9.8, EPSS: 0.03664
Exploits: 4
securityvulns
added 2011/03/16 12:00 a.m., 46 views

[DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS

DSECRG-11-012 SAP NetWeaver Integration Directory - multiple XSS. SAP NetWeaver Integration Directory has multiple linked XSS vulnerabilities. Digital Security Research Group (DSecRG) Advisory DSecRG-11-012 Internal: DSecRG-00159 Application: SAP NetWeaver XI Versions Affected: SAP NetWeaver XI Vendo...

AI score: 0.2
Exploits: 0
securityvulns
added 2011/03/16 12:00 a.m., 32 views

XSS, LFI and BT vulnerabilities in W-Agora

Hello 3APA3A! I am reporting the Cross-Site Scripting, Local File Inclusion and Brute Force vulnerabilities I found in W-Agora. XSS (WASC-08): http://site/current/getfile.php/supporthowto/223E3Cbody20onload=alertdocument.cookie3E/1/ Local File Inclusion (WASC-31): In the conf folder:...

AI score: 7.1
Exploits: 0
securityvulns
added 2011/03/16 12:00 a.m., 112 views

Apple WebKit / Safari / iTunes / libtiff / Google Chrome multiple security vulnerabilities

Multiple vulnerabilities in PNG, TIFF, JPEG and XML parsing, multiple WebKit memory corruptions...

CVSS: 10, AI score: 3.3, EPSS: 0.43382
Exploits: 13, References: 14, Affected Software: 3
securityvulns
added 2011/03/16 12:00 a.m., 32 views

MIT Kerberos 5 double free

Double free vulnerability in PKINIT...

CVSS: 7.6, AI score: 2, EPSS: 0.08267
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2011/03/16 12:00 a.m., 64 views

MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled

MITKRB5-SA-2011-003 MIT krb5 Security Advisory 2011-003 Original release: 2011-03-15 Last update: 2011-03-15 Topic: KDC vulnerable to double-free when PKINIT enabled CVE-2011-0284 CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Base...

CVSS: 7.6, AI score: 6.3, EPSS: 0.08267
Exploits: 0
securityvulns
added 2011/03/15 12:00 a.m., 21 views

Checkpoint VPN privilege escalation

It's possible to obtain Local System privileges...

AI score: 3.4
Exploits: 0, References: 1
securityvulns
added 2011/03/15 12:00 a.m., 30 views

QNX Neutrino RTOS privilege escalation

It's possible to overwrite files via LD_DEBUG_OUTPUT for suid applications...

AI score: 4
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2011/03/15 12:00 a.m., 65 views

HTB22877: Path disclosure in xt:Commerce

Vulnerability ID: HTB22877 Reference: http://www.htbridge.ch/advisory/pathdisclosureinxtcommerce.html Product: xt:Commerce Vendor: xt:Commerce GmbH http://www.xt-commerce.com/ Vulnerable Version: VEYTON 4.0.13 Vendor Notification: 01 March 2011 Vulnerability Type: Path disclosure Status: Fixed by...

AI score: 6.6
Exploits: 0
securityvulns
added 2011/03/15 12:00 a.m., 50 views

bbPress 1.0.2 <= Cross Site Scripting Vulnerability

bbPress 1.0.2 <= Cross Site Scripting Vulnerability 1. OVERVIEW bbPress 1.0.2 and lower versions were vulnerable to Cross Site Scripting. 2. APPLICATION DESCRIPTION bbPress is plain and simple forum software, plain...

AI score: 0.9
Exploits: 0
securityvulns
added 2011/03/15 12:00 a.m., 61 views

VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote Use-after-free

VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote Use-after-free http://www.vupen.com/english/research.php I. BACKGROUND "Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser, with 4.45...

AI score: 7.6
Exploits: 0
securityvulns
added 2011/03/15 12:00 a.m., 38 views

Vulnerability in sfWpCumulusPlugin for symfony

Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability in the sfWpCumulusPlugin plugin for symfony. This XSS vulnerability is identical to the XSS vulnerability in WP-Cumulus, since the application uses the tagcloud.swf developed by the author of WP-Cumulus. About the millions of tagcloud.swf flash files vulnerable to XSS attacks...

AI score: 6
Exploits: 0
securityvulns
added 2011/03/15 12:00 a.m., 39 views

HTB22887: XSS vulnerability in LotusCMS

Vulnerability ID: HTB22887 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinlotuscms3.html Product: LotusCMS Vendor: Arboroia Network http://www.lotuscms.org/ Vulnerable Version: 3.0.3 and probably prior versions Vendor Notification: 01 March 2011 Vulnerability Type: Stored XSS (Cross...

AI score: 0.5
Exploits: 0
securityvulns
added 2011/03/15 12:00 a.m., 71 views

Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability

Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability 1. OVERVIEW Joomla! 1.6.0 was vulnerable to Cross Site Scripting. 2. PRODUCT DESCRIPTION Joomla is a free and open source content management system (CMS) for...

AI score: 0.3
Exploits: 0
securityvulns
added 2011/03/15 12:00 a.m., 34 views

Checkpoint VPN - Privilege Escalation

It appears this bug has gone unnoticed by vulnerability database maintainers, very likely due to the lack of disclosure/publication. This usually means it's also not in compliance/patching systems and exposes customers to unnecessary risk. To counteract this I'd like to drop this note. Checkpoint SNX...

AI score: 0.5
Exploits: 0
Total number of security vulnerabilities: 47153