47153 matches found

securityvulns, added 2015/04/07 12:0 a.m., 31 views

MIT Kerberos 5 multiple potential security vulnerabilities

Memory leaks, insufficient memory zeroing, etc...

AI score: 3.9
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2015/04/07 12:0 a.m., 40 views

mailman directory traversal

Directory traversal via transport scripts...

CVSS: 7.6, AI score: 3.5, EPSS: 0.07964
Exploits: 1, References: 1, Affected Software: 1

securityvulns, added 2015/04/07 12:0 a.m., 33 views

arj multiple security vulnerabilities

Buffer overflow, directory traversal...

CVSS: 7.5, AI score: 4.2, EPSS: 0.05889
Exploits: 2, References: 1

securityvulns, added 2015/04/07 12:0 a.m., 56 views

[SECURITY] [DSA 3213-1] arj security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3213-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 06, 2015 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 2.1, EPSS: 0.05889
Exploits: 2

securityvulns, added 2015/03/23 12:0 a.m., 57 views

Community Gallery - Stored Cross-Site Scripting vulnerability

Vulnerability title: Community Gallery - Stored Cross-Site Scripting vulnerability Product: Community Gallery Vendor: https://www.woltlab.com Affected version: Community Gallery 2.0 before 12/10/2014 Download link: https://www.woltlab.com/purchase/?products=com.woltlab.gallery Fixed version:...

CVSS: 4.3, AI score: 0.4, EPSS: 0.0369
Exploits: 4

securityvulns, added 2015/03/23 12:0 a.m., 71 views

N.E.T. E-Commerce Group Cross Site Scripting Vulnerability

Cross Site Scripting Vulnerability In N.E.T. E-Commerce Cms All Version...

AI score: 6.4
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 34 views

Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin

Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin . contents:: Table Of Content Overview Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin Author: Kaustubh G. Padwad, Rohit Kumar. Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytic...

AI score: 5.6
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 46 views

[SECURITY] [DSA 3176-1] request-tracker4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3176-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 26, 2015 http://www.debian.org/security/faq -...

CVSS: 7.1, AI score: 0.6, EPSS: 0.02825
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 37 views

TangoBB 1.5.0-A3 XSS Vulnerability

Exploit Title: TangoBB 1.5.0-A3 XSS Vulnerability Google Dork: "Powered by TangoBB" Date: 24-2-2015 Exploit Author: Dennis Veninga Vendor Homepage: https://github.com/Codetana/TangoBB Version: 1.5.0-A3 Tested on: Firefox 36 & Chrome 38 / W8.1-x64 CVE : NONE Published: 24-2-2015 Vendor updated:...

AI score: 0.8
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 48 views

Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270)

Title:- Reflected cross-site scriptingXSS Vulnerability in Manage Engine AD Audit Manager Plus Admin PanelBuild 6270 Author: Harish Ramadoss - Help AG Middle East Vendor: ZOHO Corp Product: Manage Engine AD Audit Manager Plus Version: All versions below Build 6270 are mostly affected Tested...

CVSS: 4.3, AI score: 0.2, EPSS: 0.03612
Exploits: 3

securityvulns, added 2015/03/23 12:0 a.m., 29 views

Cross-Site-Scripting (XSS) in tcllib's html::textarea

SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Cross-Site-Scripting XSS in tcllib's html::textarea Release Date: 26 February 2015 Last Modified: 26 February 2015 Author: Ben Fuhrmannek ben.fuhrmannekatsektioneins.de Application: tcllib - Tcl standard library - versions 1.0....

AI score: 6.7
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 114 views

[SECURITY] [DSA 3164-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3164-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 21, 2015 http://www.debian.org/security/faq -...

AI score: 1.4
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 32 views

ocPortal 9.0.16 Multiple XSS Vulnerabilities

Exploit Title: ocPortal 9.0.16 Multiple XSS Vulnerabilities Google Dork: "Copyright c ocPortal 2011 " Date: 26-2-2015 Exploit Author: Dennis Veninga Vendor Homepage: http://ocportal.com/ Vendor contacted: 22-2-2015 Fix: http://ocportal.com/site/news/view/securityissues/xss-vulnerability-patch.htm...

AI score: 6.3
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 49 views

[ MDVSA-2015:051 ] sympa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:051 http://www.mandriva.com/en/support/security/ Package : sympa Date : March 3, 2015 Affected: Business Server 1.0 Problem Description: Updated sympa packages fix security vulnerability: A vulnerability hav...

CVSS: 5, AI score: 6.2, EPSS: 0.02436
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 48 views

ProjectSend r561 - SQL injection vulnerability

Vulnerability title: ProjectSend r561 - SQL injection vulnerability Product: ProjectSend r561 Vendor: http://www.projectsend.org/ Affected version: ProjectSend r561 Download link: http://www.projectsend.org/download/67/ Fixed version: N/A Author: Le Ngoc Phi phi.n.le itas vn & ITAS Team www.itas....

AI score: 0.2
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 42 views

Betster (PHP Betoffice) Authentication Bypass and SQL Injection

CWH Underground Hacking Team. Exploit Title : Betster PHP Betoffice Authentication Bypass and SQ...

AI score: 0.8
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 40 views

WeBid 1.1.1 Unrestricted File Upload Exploit

CWH Underground Hacking Team. Exploit Title : WeBid 1.1.1 Unrestricted File Upload Exploit Date ...

AI score: 0.3
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 46 views

Stored XSS Vulnerability in ADPlugg Wordpress Plugin

===================================================== Stored XSS Vulnerability in ADPlugg Wordpress Plugin ===================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin Author: Kaustubh G. Padwad...

AI score: 5.5
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 30 views

EnanoCMS 1.1.8pl1 XSS Vulnerability

Exploit Title: EnanoCMS 1.1.8pl1 XSS Vulnerability Google Dork: "Website engine powered by Enano" Date: 24-2-2015 Exploit Author: Dennis Veninga Vendor Homepage: http://enanocms.org Version: 1.1.8pl1 Tested on: Firefox 36 & Chrome 38 / W8.1-x64 XSS Vulnerability in comments:...

AI score: 1.2
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 58 views

SQL Injection in Huge IT Slider WordPress Plugin

Advisory ID: HTB23250 Product: Huge IT Slider WordPress Plugin Vendor: Huge-IT Vulnerable Versions: 2.6.8 and probably prior Tested Version: 2.6.8 Advisory Publication: February 19, 2015 without technical details Vendor Notification: February 19, 2015 Vendor Patch: March 11, 2015 Public Disclosur...

AI score: 7.4, EPSS: 0.02446
Exploits: 3

securityvulns, added 2015/03/23 12:0 a.m., 69 views

[SECURITY] [DSA 3176-1] request-tracker4 security update

Exploit Title: HelpDezk 1.0.1 Multiple Vulnerabilities Google Dork: "intext: helpdezk-community-1.0.1" Date: 26-2-2015 Exploit Author: Dennis Veninga Vendor Homepage: http://www.helpdezk.org/ Vendor contacted: 26-2-2015 Version: 1.0.1 Tested on: Firefox 36 & Chrome 38 / W8.1-x64 HelpDezk - Versio...

AI score: 7.1
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 58 views

Google Analytics by Yoast stored XSS

OVERVIEW ========== Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...

AI score: 0.2
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 72 views

[CVE-2015-1583] ATutor LCMS - CSRF Vulnerability in Version 2.2

CVE-2015-1583 ATutor LCMS - CSRF Vulnerability in Version 2.2 ---------------------------------------------------------------- Product Information: Software: ATutor LCMS Tested Version: 2.2, released 25.8.2014 Vulnerability Type: Cross-Site Request Forgery, CSRF CWE-352 Download link:...

AI score: 8.8, EPSS: 0.01216
Exploits: 2

securityvulns, added 2015/03/23 12:0 a.m., 35 views

Serendipity CMS - XSS Vulnerability in Version 2.0

Serendipity CMS - XSS Vulnerability in Version 2.0 ---------------------------------------------------------------- Product Information: Software: Serendipity CMS Tested Version: 2.0, released 23.1.2015 Vulnerability Type: Cross-Site Scripting CWE-79 Download link: http://www.s9y.org/12.html...

AI score: 5.6
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 55 views

[SECURITY] [DSA 3183-1] movabletype-opensource security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3183-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 12, 2015 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 4.2, EPSS: 0.75029
Exploits: 5

securityvulns, added 2015/03/23 12:0 a.m., 99 views

Data Source: Scopus CMS - SQL Injection Web Vulnerability

Document Title: =============== Data Source: Scopus CMS - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1436 Release Date: ============= 2015-02-25 Vulnerability Laboratory ID VL-ID: ====================================...

AI score: 0.3
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 78 views

[USN-2521-1] Oxide vulnerabilities

========================================================================== Ubuntu Security Notice USN-2521-1 March 10, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 7.5, AI score: 1.9, EPSS: 0.02565
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 172 views

CVE-2014-8487: Kony EMM Insecure Direct Object Reference

------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Drupal Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...

CVSS: 4, AI score: 0.9, EPSS: 0.01003
Exploits: 2

securityvulns, added 2015/03/23 12:0 a.m., 33 views

Google Android sandbox bypass

Google App Engine Java sandbox escape...

AI score: 1.9
Exploits: 0, References: 1

securityvulns, added 2015/03/23 12:0 a.m., 30 views

Wordpress Media Cleaner Plugin - XSS Vulnerability

Exploit Title: Wordpress Media Cleaner - XSS Author: smail SAYGILI Web Site: www.ismailsaygili.com.tr E-Mail: [email protected] Date: 2015-02-26 Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.zip Version: 2.2.6 Vulnerable Files: + wp-media-cleaner.php...

AI score: 0.3
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 149 views

SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home

SEC Consult Vulnerability Lab Security Advisory 20150227-0 ======================================================================= title: Multiple vulnerabilities product: Loxone Smart Home vulnerable version: Firmware: 5.49; Android-App: 3.4.1 fixed version: 6.3 impact: High homepage:...

AI score: 0.4
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 38 views

redcloth cross-site scripting

Cross-site scripting in conversion to HTML...

CVSS: 4.3, AI score: 0.7, EPSS: 0.02253
Exploits: 1, References: 1, Affected Software: 1

securityvulns, added 2015/03/23 12:0 a.m., 217 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5, AI score: 1.6, EPSS: 0.75029
Exploits: 17, References: 29, Affected Software: 24

securityvulns, added 2015/03/23 12:0 a.m., 98 views

WPML WordPress plug-in SQL injection etc.

OVERVIEW ========== WPML is the industry standard for creating multi-lingual WordPress sites. Three vulnerabilities were found in the plug-in. The most serious of them, an SQL injection problem, allows anyone to read the contents of the WordPress database, including user details and password...

AI score: 0.1
Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 31 views

HelpDezk 1.0.1 Multiple Vulnerabilities

Exploit Title: HelpDezk 1.0.1 Multiple Vulnerabilities Google Dork: "intext: helpdezk-community-1.0.1" Date: 26-2-2015 Exploit Author: Dennis Veninga Vendor Homepage: http://www.helpdezk.org/ Vendor contacted: 26-2-2015 Version: 1.0.1 Tested on: Firefox 36 & Chrome 38 / W8.1-x64 HelpDezk - Versio...

Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 49 views

[SE-2014-02] Google App Engine Java security sandbox bypasses (details)

Hello All, Details of our SE-2014-02 project have been released to the public. A technical writeup and accompanying Proof of Concept codes can be found at the following location: http://www.security-explorations.com/en/SE-2014-02-details.html In case of Google App Engine for Java, its first layer...

Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 38 views

Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities

Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 9.5.1 and probably prior Tested Version: 9.5.1 Vendor Notification: Mar 05, 2015 https://github.com/alkacon/opencms-core/issues/304 Vendor Patch: Not Yet No Specific Time-line Public Disclosure: Mar 12, 2015 Vulnerability Type:...

Exploits: 0

securityvulns, added 2015/03/23 12:0 a.m., 63 views

[SECURITY] [DSA 3168-1] ruby-redcloth security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3168-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 22, 2015 http://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 2, EPSS: 0.02253
Exploits: 1

securityvulns, added 2015/03/22 12:0 a.m., 31 views

Dropbox SDK for Android account spoofing

It's possible to spoof account via OAuth...

CVSS: 2.6, AI score: 4.4, EPSS: 0.05829
Exploits: 0, References: 1

securityvulns, added 2015/03/22 12:0 a.m., 42 views

Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)

Hi, We have recently discovered a vulnerability in the Dropbox SDK for Android. This vulnerability may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK both locally by malware and also remotely by using drive-by exploitation techniques. The vulnerability is...

CVSS: 2.6, AI score: 0.3, EPSS: 0.05829
Exploits: 0

securityvulns, added 2015/03/22 12:0 a.m., 413 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Restrictions bypass, information spoofing, information leakage, buffer overflows, memory corruptions, DoS, code execution...

CVSS: 7.5, AI score: 3.6, EPSS: 0.06029
Exploits: 0, Affected Software: 3

securityvulns, added 2015/03/21 12:0 a.m., 98 views

Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser

------------------------------------------------------------------------ Path traversal vulnerability in EMC M&R Watch4net MIB Browser ------------------------------------------------------------------------ Han Sahin, November 2014...

CVSS: 4, AI score: 0.2, EPSS: 0.07414
Exploits: 7

securityvulns, added 2015/03/21 12:0 a.m., 36 views

Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting

------------------------------------------------------------------------ Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting ------------------------------------------------------------------------ Han Sahin, September 2014...

AI score: 1.2
Exploits: 0

securityvulns, added 2015/03/21 12:0 a.m., 40 views

Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users

------------------------------------------------------------------------ Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users ------------------------------------------------------------------------ Han Sahin, August 2014...

AI score: 2.1
Exploits: 0

securityvulns, added 2015/03/21 12:0 a.m., 40 views

EMC M&R multiple security vulnerabilities

Cross-site scripting, insecure data storage, directory traversal, unrestricted file upload...

CVSS: 6.5, AI score: 2.1, EPSS: 0.07647
Exploits: 18, References: 7

securityvulns, added 2015/03/21 12:0 a.m., 49 views

[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security AdvisoryONAPSIS-2015-005: SAP Business Objects Unauthorized Audit Information Access via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to read auditi...

CVSS: 5, AI score: 6.2, EPSS: 0.02329
Exploits: 0

securityvulns, added 2015/03/21 12:0 a.m., 53 views

[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security AdvisoryONAPSIS-2015-001: Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attack...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01892
Exploits: 1

securityvulns, added 2015/03/21 12:0 a.m., 38 views

Cross-Site Scripting vulnerability in Websense Explorer report scheduler

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Websense Explorer report scheduler ------------------------------------------------------------------------ Han Sahin, September 2014...

AI score: 1.1
Exploits: 0

securityvulns, added 2015/03/21 12:0 a.m., 37 views

Command injection vulnerability in network diagnostics tool of Websense Appliance Manager

------------------------------------------------------------------------ Command injection vulnerability in network diagnostics tool of Websense Appliance Manager ------------------------------------------------------------------------ Han Sahin, September 2014...

AI score: 3
Exploits: 0

securityvulns, added 2015/03/21 12:0 a.m., 68 views

Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in EMC M&R Watch4net Alerting Frontend ------------------------------------------------------------------------ Han Sahin, November 2014...

CVSS: 3.5, AI score: 1.2, EPSS: 0.01585
Exploits: 6

Total number of security vulnerabilities: 47153