Lucene search
K
SecurityvulnsRecent

47153 matches found

securityvulns
securityvulns
added 2015/11/02 12:0 a.m.377 views

[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite SQL injection Advisory ID: ERPSCAN-15-026 Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

3.6CVSS0.01804EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.162 views

audiofile memory corruption

Crash on audiofiles processing...

3.1AI score0.08802EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.559 views

apport security vulnerabilities

Symbolic links and hadlinks vulnerability in log files, privilege escalation...

7.2CVSS1.6AI score0.0091EPSS
Exploits2References2Affected Software1
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.300 views

[USN-2786-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.8CVSS0.2AI score0.10288EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.321 views

[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite - XXE injection Advisory ID: ERPSCAN-15-029 Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 21.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

6.8CVSS6.8AI score0.03088EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.349 views

Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities

====================================================================== Secunia Research now part of Flexera Software 26/10/2015 Oracle Outside In Two Buffer Overflow Vulnerabilities ====================================================================== Table of Contents Affected...

1.5CVSS0.5AI score0.00927EPSS
Exploits4
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.291 views

PHP security vulnerabilities

PHAR extension DoS...

6.8CVSS2.2AI score0.10288EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.267 views

[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-028 Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

6.4CVSS6.7AI score0.03119EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.263 views

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite - Database user enumeration Advisory ID: ERPSCAN-15-025 Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/ Date published:20.10.2015 Vendors contacted: Oracle 2...

4.3CVSS6.6AI score0.02558EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.300 views

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite Cross-site Scripting Advisory ID: ERPSCAN-15-027 Advisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY...

4.3CVSS6.4AI score0.03152EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.435 views

[USN-2787-1] audiofile vulnerability

========================================================================== Ubuntu Security Notice USN-2787-1 October 28, 2015 audiofile vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

0.6AI score0.08802EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.249 views

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-030 Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

6.8CVSS6.8AI score0.03088EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.303 views

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

Quarterly update closes 140 vulnerabilities in different applications...

10CVSS2.1AI score0.9986EPSS
Exploits70References7Affected Software56
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.323 views

[USN-2782-1] Apport vulnerability

========================================================================== Ubuntu Security Notice USN-2782-1 October 27, 2015 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5AI score0.00429EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/01 12:0 a.m.180 views

ntp multiple security vulnerabilities

Multiple memory corruptions...

7.8CVSS1.7AI score0.81762EPSS
Exploits6References1Affected Software1
securityvulns
securityvulns
added 2015/11/01 12:0 a.m.118 views

unzip security vulneravilities

DoS, code execution...

6.8CVSS2.7AI score0.07184EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/11/01 12:0 a.m.137 views

[USN-2788-1] unzip vulnerabilities

========================================================================== Ubuntu Security Notice USN-2788-1 October 29, 2015 unzip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.8CVSS1AI score0.07184EPSS
Exploits0
securityvulns
securityvulns
added 2015/11/01 12:0 a.m.200 views

[USN-2783-1] NTP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2783-1 October 27, 2015 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.8CVSS1.3AI score0.81762EPSS
Exploits6
securityvulns
securityvulns
added 2015/11/01 12:0 a.m.141 views

cURL security vulnerabilitiies

Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS...

9CVSS2.6AI score0.3763EPSS
Exploits1References3Affected Software2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.85 views

[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin

Vulnerability title: SQL Injection in Support Ticket System 1.2 WordPress plugin CVE: CVE-2015-7670 Vendor: Tim Dahlmanns Product: Support Ticket System Affected version: 1.2 Fixed version: 1.2.1 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...

7.5CVSS0.8AI score0.03117EPSS
Exploits1
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.89 views

Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7669 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details:...

7.5CVSS1.2AI score0.07055EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.126 views

CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin

Vulnerability title: Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7320 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Iberia Medeiros Vulnerability Details:...

4.3CVSS1.5AI score0.02137EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.113 views

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584

Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...

4.3CVSS7AI score0.02679EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.92 views

Checkmarx CxQL Sandbox bypass (CVE-2014-8778)

Checkmarx CxQL Sandbox bypass CVE-2014-8778 Vendor: Checkmarx - www.checkmarx.com Product: CxSuite Version affected: 7.1.5 and prior Credit: Huy-Ngoc DAU @ngocdh of Deloitte Conseil, France ================================ Introduction ================================ Checkmarx is a static source...

9CVSS6.9AI score0.03317EPSS
Exploits3
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.89 views

Openfire 3.10.2 CSRF Vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt Vendor: ================================ www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product: ================================...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.66 views

[SYSS-2015-039] CSRF in OpenText Secure MFT

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-039 Product: Secure MFT Vendor: http://www.opentext.com Affected Versions: 2013 R3, 2014 R1/R2, 2015 R1 Tested Versions: 2014 R2 SP4 Vulnerability Type: Cross-Site Request Forgery CWE-352 Risk Level: Medium Solution Status:...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.80 views

Reflected Cross-Site Scripting (XSS) in SourceBans

Advisory ID: HTB23273 Product: SourceBans Vendor: Sourcebans team Vulnerable Versions: 1.4.11 and probably prior Tested Version: 1.4.11 Advisory Publication: October 2, 2015 without technical details Vendor Notification: October 2, 2015 Public Disclosure: October 23, 2015 Vulnerability Type:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.113 views

[SECURITY] [DSA 3375-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...

4.3CVSS0.9AI score0.06389EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.4631 views

NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability

Document Title: =============== NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-24 Vulnerability Laboratory ID VL-ID: ====================================...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.100 views

[SECURITY] [DSA 3346-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3346-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 31, 2015 https://www.debian.org/security/faq -...

7.5CVSS1.5AI score0.0506EPSS
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.128 views

CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection

Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 = version 6.30.0 Affected JIRA product versions: 6.3.5 = version 6.4.11...

6.5CVSS0.4AI score0.59312EPSS
Exploits7
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.69 views

HP ArcSight Logger security vulnerabilities

Authentication bypass, information disclosure...

5CVSS1AI score0.04439EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.75 views

WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability

Document Title: =============== WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1614 Release Date: ============= 2015-10-07 Vulnerability Laboratory ID VL-ID: ==================================== 1614...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.85 views

JSPMySQL Administrador CSRF & XSS Vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt Vendor: ================================ JSPMySQL Administrador https://sites.google.com/site/mfpledon/producao-de-software Product:...

Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.85 views

CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7377 Pending CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N CWE: CWE-79 Description ================ An unauthenticated reflected XSS vulnerability in Pie Register...

4.3CVSS1AI score0.04405EPSS
Exploits3
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.86 views

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine

Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...

7.5CVSS0.3AI score0.07505EPSS
Exploits5
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.65 views

Cross-Site Request Forgery in Cerb

Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Versions: 7.0.3 and probably prior Tested Version: 7.0.3 Advisory Publication: August 12, 2015 without technical details Vendor Notification: August 12, 2015 Vendor Patch: August 14, 2015 Public Disclosure: September 2, 201...

6.8CVSS0.2AI score0.02617EPSS
Exploits5
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.94 views

Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected ema...

7.5CVSS4.3AI score0.03371EPSS
Exploits1
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.92 views

CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine

Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...

6.8CVSS0.1AI score0.02756EPSS
Exploits4
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.81 views

A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7668 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no protection...

4.3CVSS1.6AI score0.02066EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.74 views

Zope Management Interface CSRF vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt Vendor: ================================ www.zope.org plone.org Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.102 views

CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution

Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/Hw7RLg . CVE ID: CVE-2015-6576 Product: Bamboo. Affected Bamboo product versions: 2.2 = version 5.8.5 5.9.0 = version 5.9.7 Summary: This advisory discloses a critical severity security vulnerability tha...

6.5CVSS2.3AI score0.03618EPSS
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.70 views

Reflected Cross-Site Scripting (XSS) in iTop

Advisory ID: HTB23268 Product: iTop Vendor: Combodo SARL Vulnerable Versions: 2.1.0-2127 and probably prior Tested Version: 2.1.0-2127 Advisory Publication: July 29, 2015 without technical details Vendor Notification: July 29, 2015 Vendor Patch: July 30, 2015 Public Disclosure: September 23, 2015...

4.3CVSS6.8AI score0.05477EPSS
Exploits3
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.105 views

[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2015-001 ========================================================================...

7.5CVSS6.2AI score0.0325EPSS
Exploits1
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.88 views

CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin

Vulnerability title: SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7319 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Ibйria Medeiros Vulnerability Details: ===================== It...

7.5CVSS1.9AI score0.02433EPSS
Exploits1
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.94 views

Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin

Vulnerability title: Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin CVE: CVE-2015-7666 Vendor: WordPress DWBooster Product: Payment Form for PayPal Pro Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details:...

4.3CVSS0.6AI score0.01776EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.77 views

[CVE-2015-3623] Qlikview blind XXE Security Vulnerability

Exploit Title: Qlikview blind XXE security vulnerability Product: Qlikview Vulnerable Versions: v11.20 SR11 and previous versions Tested Version: v11.20 SR4 Advisory Publication: 08/09/2015 Latest Update: 08/09/2015 Vulnerability Type: Improper Restriction of XML External Entity Reference CWE-611...

6.4CVSS6.7AI score0.1576EPSS
Exploits5
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.95 views

SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory 20151022-0 ======================================================================= title: Multiple critical vulnerabilities product: Lime Survey vulnerable version: 2.05 up to 2.06+ Build 151014 fixed version: 2.06+ Build 151016 CVE number: impact:...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.106 views

TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390

Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...

7.5CVSS10AI score0.01589EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.122 views

Dogma India dogmaindia CMS - Auth Bypass Vulnerability

Document Title: =============== Dogma India dogmaindia CMS - Auth Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1583 Release Date: ============= 2015-08-25 Vulnerability Laboratory ID VL-ID: ==================================== 158...

0.7AI score
Exploits0
Total number of security vulnerabilities47153