47153 matches found
arj multiple security vulnerabilities
Buffer overflow, directory traversal...
mailman directory traversal
Directory traversal via transport scripts...
OpenSSH memory leak
Memory leak on aborted client connection...
[ MDVSA-2015:192 ] subversion
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:192 http://www.mandriva.com/en/support/security/ Package : subversion Date : April 3, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Multiple vulnerabilities have been discovered...
[SECURITY] [DSA 3183-1] movabletype-opensource security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3183-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 12, 2015 http://www.debian.org/security/faq -...
Stored XSS Vulnerability in ADPlugg Wordpress Plugin
===================================================== Stored XSS Vulnerability in ADPlugg Wordpress Plugin ===================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin Author: Kaustubh G. Padwad...
HelpDezk 1.0.1 Multiple Vulnerabilities
Exploit Title: HelpDezk 1.0.1 Multiple Vulnerabilities Google Dork: "intext: helpdezk-community-1.0.1" Date: 26-2-2015 Exploit Author: Dennis Veninga Vendor Homepage: http://www.helpdezk.org/ Vendor contacted: 26-2-2015 Version: 1.0.1 Tested on: Firefox 36 & Chrome 38 / W8.1-x64 HelpDezk - Versio...
Serendipity CMS - XSS Vulnerability in Version 2.0
Serendipity CMS - XSS Vulnerability in Version 2.0 ---------------------------------------------------------------- Product Information: Software: Serendipity CMS Tested Version: 2.0, released 23.1.2015 Vulnerability Type: Cross-Site Scripting CWE-79 Download link: http://www.s9y.org/12.html...
[SE-2014-02] Google App Engine Java security sandbox bypasses (details)
Hello All, Details of our SE-2014-02 project have been released to the public. A technical writeup and accompanying Proof of Concept codes can be found at the following location: http://www.security-explorations.com/en/SE-2014-02-details.html In case of Google App Engine for Java, its first layer...
CVE-2014-8487: Kony EMM Insecure Direct Object Reference
------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...
WeBid 1.1.1 Unrestricted File Upload Exploit
<?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / / / XXXXXX / / XXXXXX / / XXXXXX / ------' Exploit Title : WeBid 1.1.1 Unrestricted File Upload Exploit Date ...
ocPortal 9.0.16 Multiple XSS Vulnerabilities
Exploit Title: ocPortal 9.0.16 Multiple XSS Vulnerabilities Google Dork: "Copyright c ocPortal 2011 " Date: 26-2-2015 Exploit Author: Dennis Veninga Vendor Homepage: http://ocportal.com/ Vendor contacted: 22-2-2015 Fix: http://ocportal.com/site/news/view/securityissues/xss-vulnerability-patch.htm...
Data Source: Scopus CMS - SQL Injection Web Vulnerability
Document Title: =============== Data Source: Scopus CMS - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1436 Release Date: ============= 2015-02-25 Vulnerability Laboratory ID VL-ID: ====================================...
[SECURITY] [DSA 3176-1] request-tracker4 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3176-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 26, 2015 http://www.debian.org/security/faq -...
SQL Injection in Huge IT Slider WordPress Plugin
Advisory ID: HTB23250 Product: Huge IT Slider WordPress Plugin Vendor: Huge-IT Vulnerable Versions: 2.6.8 and probably prior Tested Version: 2.6.8 Advisory Publication: February 19, 2015 without technical details Vendor Notification: February 19, 2015 Vendor Patch: March 11, 2015 Public Disclosur...
Wordpress Media Cleaner Plugin - XSS Vulnerability
Exploit Title: Wordpress Media Cleaner - XSS Author: İsmail SAYGILI Web Site: www.ismailsaygili.com.tr E-Mail: [email protected] Date: 2015-02-26 Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.zip Version: 2.2.6 Vulnerable Files: + wp-media-cleaner.php...
Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270)
Title:- Reflected cross-site scripting (XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel (Build 6270) Author: Harish Ramadoss - Help AG Middle East Vendor: ZOHO Corp Product: Manage Engine AD Audit Manager Plus Version: All versions below Build 6270 are mostly affected Tested...
Google Android sandbox bypass
Google App Engine Java sandbox escape...
[ MDVSA-2015:051 ] sympa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:051 http://www.mandriva.com/en/support/security/ Package : sympa Date : March 3, 2015 Affected: Business Server 1.0 Problem Description: Updated sympa packages fix security vulnerability: A vulnerability has...
EnanoCMS 1.1.8pl1 XSS Vulnerability
Exploit Title: EnanoCMS 1.1.8pl1 XSS Vulnerability Google Dork: "Website engine powered by Enano" Date: 24-2-2015 Exploit Author: Dennis Veninga Vendor Homepage: http://enanocms.org Version: 1.1.8pl1 Tested on: Firefox 36 & Chrome 38 / W8.1-x64 XSS Vulnerability in comments:...
SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home
SEC Consult Vulnerability Lab Security Advisory 20150227-0 ======================================================================= title: Multiple vulnerabilities product: Loxone Smart Home vulnerable version: Firmware: 5.49; Android-App: 3.4.1 fixed version: 6.3 impact: High homepage:...
Community Gallery - Stored Cross-Site Scripting vulnerability
Vulnerability title: Community Gallery - Stored Cross-Site Scripting vulnerability Product: Community Gallery Vendor: https://www.woltlab.com Affected version: Community Gallery 2.0 before 12/10/2014 Download link: https://www.woltlab.com/purchase/?products=com.woltlab.gallery Fixed version:...
Betster (PHP Betoffice) Authentication Bypass and SQL Injection
<?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / / / XXXXXX / / XXXXXX / / XXXXXX / ------' Exploit Title : Betster PHP Betoffice Authentication Bypass and SQ...
redcloth cross-site scripting
Cross-site scripting in conversion to HTML...
Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin . contents:: Table Of Content Overview Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin Author: Kaustubh G. Padwad, Rohit Kumar. Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytic...
WPML WordPress plug-in SQL injection etc.
OVERVIEW ========== WPML is the industry standard for creating multi-lingual WordPress sites. Three vulnerabilities were found in the plug-in. The most serious of them, an SQL injection problem, allows anyone to read the contents of the WordPress database, including user details and password...
[USN-2521-1] Oxide vulnerabilities
========================================================================== Ubuntu Security Notice USN-2521-1 March 10, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
N.E.T. E-Commerce Group Cross Site Scripting Vulnerability
Cross Site Scripting Vulnerability In N.E.T. E-Commerce Cms All Version @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@...
[CVE-2015-1583] ATutor LCMS - CSRF Vulnerability in Version 2.2
CVE-2015-1583 ATutor LCMS - CSRF Vulnerability in Version 2.2 ---------------------------------------------------------------- Product Information: Software: ATutor LCMS Tested Version: 2.2, released 25.8.2014 Vulnerability Type: Cross-Site Request Forgery, CSRF CWE-352 Download link:...
Cross-Site-Scripting (XSS) in tcllib's html::textarea
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Cross-Site-Scripting XSS in tcllib's html::textarea Release Date: 26 February 2015 Last Modified: 26 February 2015 Author: Ben Fuhrmannek ben.fuhrmannekatsektioneins.de Application: tcllib - Tcl standard library - versions 1.0....
TangoBB 1.5.0-A3 XSS Vulnerability
Exploit Title: TangoBB 1.5.0-A3 XSS Vulnerability Google Dork: "Powered by TangoBB" Date: 24-2-2015 Exploit Author: Dennis Veninga Vendor Homepage: https://github.com/Codetana/TangoBB Version: 1.5.0-A3 Tested on: Firefox 36 & Chrome 38 / W8.1-x64 CVE : NONE Published: 24-2-2015 Vendor updated:...
[SECURITY] [DSA 3168-1] ruby-redcloth security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3168-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 22, 2015 http://www.debian.org/security/faq -...
Google Analytics by Yoast stored XSS
OVERVIEW ========== Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...
ProjectSend r561 - SQL injection vulnerability
Vulnerability title: ProjectSend r561 - SQL injection vulnerability Product: ProjectSend r561 Vendor: http://www.projectsend.org/ Affected version: ProjectSend r561 Download link: http://www.projectsend.org/download/67/ Fixed version: N/A Author: Le Ngoc Phi phi.n.le itas vn & ITAS Team www.itas....
Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities
Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 9.5.1 and probably prior Tested Version: 9.5.1 Vendor Notification: Mar 05, 2015 https://github.com/alkacon/opencms-core/issues/304 Vendor Patch: Not Yet No Specific Time-line Public Disclosure: Mar 12, 2015 Vulnerability Type:...
[SECURITY] [DSA 3164-1] typo3-src security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3164-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 21, 2015 http://www.debian.org/security/faq -...
Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)
Hi, We have recently discovered a vulnerability in the Dropbox SDK for Android. This vulnerability may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK both locally by malware and also remotely by using drive-by exploitation techniques. The vulnerability is...
Dropbox SDK for Android account spoofing
It's possible to spoof an account via OAuth...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Restrictions bypass, information spoofing, information leakage, buffer overflows, memory corruptions, DoS, code execution...
Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting
------------------------------------------------------------------------ Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting ------------------------------------------------------------------------ Han Sahin, September 2014...
Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery
------------------------------------------------------------------------ Path traversal vulnerability in EMC M&R Watch4net Device Discovery ------------------------------------------------------------------------ Han Sahin, November 2014...
Missing access control on Websense Explorer web folder
------------------------------------------------------------------------ Missing access control on Websense Explorer web folder ------------------------------------------------------------------------ Han Sahin, September 2014 ----------------------------------------------------------------------...
Citrix NetScaler VPX cross-site scripting
Cross-site scripting in help pages...
EMC M&R multiple security vulnerabilities
Cross-site scripting, insecure data storage, directory traversal, unrestricted file upload...
PHP multiple security vulnerabilities
Resource exhaustion, memory corruption...
[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2015-001: Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attack...
[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2015-005: SAP Business Objects Unauthorized Audit Information Access via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to read auditi...
[SECURITY] [DSA 3198-1] php5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3198-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 20, 2015 http://www.debian.org/security/faq -...