
47153 matches found

securityvulns • added 2015/02/23 12:0 a.m. • 269 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5 • AI score 1.6 • EPSS 0.59254
Exploits 47 • References 23 • Affected Software 19

securityvulns • added 2015/02/23 12:0 a.m. • 73 views

[security bulletin] HPSBMU03232 rev.3 - HP SiteScope, Remote Elevation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04539443 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04539443 Version: 3 HPSBMU03232 rev....

CVSS 5.5 • AI score 0.6 • EPSS 0.01989
Exploits 0

securityvulns • added 2015/02/23 12:0 a.m. • 60 views

[security bulletin] HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04553906 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04553906 Version: 1 HPSBMU03239 rev....

CVSS 5 • AI score 0.1 • EPSS 0.37022
Exploits 5

securityvulns • added 2015/02/23 12:0 a.m. • 36 views

IBM Endpoint Manager cross-site scripting

Relay Diagnostics cross-site scripting...

CVSS 4.3 • AI score 2.3 • EPSS 0.02253
Exploits 4 • References 1 • Affected Software 1

securityvulns • added 2015/02/23 12:0 a.m. • 61 views

[ MDVSA-2015:030 ] bugzilla

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:030 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : February 5, 2015 Affected: Business Server 1.0 Problem Description: Updated bugzilla packages fix security vulnerability: Some code ...

CVSS 6.5 • AI score 6.4 • EPSS 0.0204
Exploits 0

securityvulns • added 2015/02/23 12:0 a.m. • 73 views

[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5

CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link to tested version:...

CVSS 7.5 • AI score 7.2 • EPSS 0.02395
Exploits 5

securityvulns • added 2015/02/22 12:0 a.m. • 36 views

NetGear WNDR Authentication Bypass / Information Disclosure

NetGear WNDR Authentication Bypass / Information Disclosure Discovered by: ---- Peter Adkins [email protected] Access: ---- Local network; unauthenticated access. Remote network; unauthenticated access. Tracking and identifiers: ---- CVE - Mitre contacted; not yet allocated. Platforms...

AI score 7.7
Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 164 views

Cosmoshop - XSS on Admin-Login Mask

author: l0om page: l0om.org date: 14.02.2015 Cosmoshop is a simple webshop designed for the german market. There is a simple XSS flaw at the admin-login panel in probably all cosmoshop versions. The admin login can be found at http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi This page wi...

AI score 0.1
Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 69 views

Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin

Advisory ID: HTB23249 Product: Easing Slider WordPress Plugin Vendor: Easing Slider Vulnerable Versions: 2.2.0.6 and probably prior Tested Version: 2.2.0.6 Advisory Publication: January 21, 2015 without technical details Vendor Notification: January 21, 2015 Vendor Patch: January 22, 2015 Public...

CVSS 4.3 • AI score 6 • EPSS 0.02599
Exploits 3

securityvulns • added 2015/02/22 12:0 a.m. • 108 views

Elasticsearch restrictions bypass

Sandbox restrictions bypass...

CVSS 7.5 • AI score 2.2 • EPSS 0.99906
Exploits 19 • References 1 • Affected Software 1

securityvulns • added 2015/02/22 12:0 a.m. • 27 views

Google mail application DoS

DoS on message parsing...

CVSS 5 • AI score 3.1 • EPSS 0.01712
Exploits 2 • References 1 • Affected Software 1

securityvulns • added 2015/02/22 12:0 a.m. • 73 views

CVE-2015-1614 csrf/xss in wordpress Plugin Image Metadata cruncher

Title: CSRF / Stored XSS Vulnerability in IMAGE-MEtadata-Cruncher Wordpress Plugin Author: Kaustubh G. Padwad CVE-ID : CVE-2015-1614 Plugin Homepage: https://wordpress.org/plugins/image-metadata-cruncher/ Severity: Medium Description: Vulnerable Parameter: Alternate text,Caption,Custom image meta...

CVSS 6.8 • AI score 0.1 • EPSS 0.01196
Exploits 2

securityvulns • added 2015/02/22 12:0 a.m. • 55 views

[SECURITY] [DSA 3163-1] libreoffice security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3163-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 19, 2015 http://www.debian.org/security/faq -...

CVSS 7.5 • AI score 2.3 • EPSS 0.04143
Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 47 views

LibreOffice memory corruption

Memory corruption on RTF parsing...

CVSS 7.5 • AI score 4.2 • EPSS 0.04143
Exploits 0 • References 1 • Affected Software 1

securityvulns • added 2015/02/22 12:0 a.m. • 104 views

UNIT4 Prosoft HRMS XSS Vulnerability

Vulnerability type: Cross-site Scripting Vendor: http://www.unit4.com/ Product: UNIT4 Prosoft HRMS Product site: http://www.unit4apac.com/products/prosofthrms Affected version: 8.14.230.47 Fixed version: 8.14.330.43 Credit: Jerold Hoong & Edric Teo PROOF OF CONCEPT The login page of UNIT4's Proso...

Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 71 views

Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher

Title:- XSS In Image-Metadata-Cruncher Author: Kaustubh G. Padwad Product: image-metadata-cruncher plugin URL: https://wordpress.org/plugins/image-metadata-cruncher/ Severity: Medium Auth: Required Description: Vulnerable Parameter: Alternate text: Caption: Custom image meta tags: Vulnerability...

AI score 6.4
Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 22 views

NetGear WNDR security vulnerabilities

Information leakage, authentication bypass...

AI score 2.4
Exploits 0 • References 1

securityvulns • added 2015/02/22 12:0 a.m. • 34 views

Netatmo Weather Station information leakage

Information leakage...

CVSS 5 • AI score 1.5 • EPSS 0.0283
Exploits 0 • References 1

securityvulns • added 2015/02/22 12:0 a.m. • 103 views

[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

Advisory: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite During a penetration test, RedTeam Pentesting discovered a Directory Traversal vulnerability in hybris Commerce software suite. This vulnerability allows attackers to download arbitrary files of any size...

CVSS 5 • AI score 7.4 • EPSS 0.04083
Exploits 3

securityvulns • added 2015/02/22 12:0 a.m. • 40 views

Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability

============================================================ - Title: Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability - Vulnerable Version: 2.8.8 and probably prior -Tested Version:2.8.8 - Vendor Notification: 20 November 2014 - Vendor Patch: 20 November 2014 -Vulnerabili...

AI score 6.1
Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 55 views

CVE-2015-1574 - Google Email App 4.2.2 remote denial of service

Hello, Summary: A bug in the stock Google email application version 4.4.2.0200 has been found. An attacker can remotely perform a Denial Of Service attack by sending a specially crafted email. No interaction from the user is needed to produce the crash just receive the malicious email. The...

CVSS 5 • AI score 1.8 • EPSS 0.01712
Exploits 2

securityvulns • added 2015/02/22 12:0 a.m. • 63 views

[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5

CVE-2015-1585 Fat Free CRM - CSRF Vulnerability in Version 0.13.5 ---------------------------------------------------------------- Product Information: Software: Fat Free CRM Tested Version: 0.13.5, released 22.1.2015 with over 10.000 downloads Vulnerability Type: Cross-Site Request Forgery, CSRF...

CVSS 6.8 • AI score 6.4 • EPSS 0.01094
Exploits 3

securityvulns • added 2015/02/22 12:0 a.m. • 110 views

Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability

Document Title: =============== Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1355 Release Date: ============= 2015-02-09 Vulnerability Laboratory ID VL-ID: ==================================== 1355...

AI score 8.3
Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 54 views

UnZip multiple security vulnerabilities

Few buffer overflows...

CVSS 7.5 • AI score 2.6 • EPSS 0.11562
Exploits 2 • References 3 • Affected Software 1

securityvulns • added 2015/02/22 12:0 a.m. • 84 views

[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3

CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link: http://piwigo.org/basics/downloads...

CVSS 6 • AI score 0.3 • EPSS 0.02718
Exploits 4

securityvulns • added 2015/02/22 12:0 a.m. • 60 views

[USN-2503-1] Bind vulnerability

========================================================================== Ubuntu Security Notice USN-2503-1 February 18, 2015 bind9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5.4 • AI score 0.1 • EPSS 0.22168
Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 50 views

ISC bind named DoS

DNSSEC parsing assert...

CVSS 5.4 • AI score 2.3 • EPSS 0.22168
Exploits 0 • References 1 • Affected Software 1

securityvulns • added 2015/02/22 12:0 a.m. • 37 views

CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak

Summary During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wifi password. The problem has been fixed by removing this configuration dump from current...

CVSS 5 • AI score 2.5 • EPSS 0.0283
Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 69 views

[USN-2502-1] unzip vulnerabilities

========================================================================== Ubuntu Security Notice USN-2502-1 February 17, 2015 unzip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 7.5 • AI score 0.8 • EPSS 0.04898
Exploits 2

securityvulns • added 2015/02/22 12:0 a.m. • 98 views

Multiple Vulnerabilities in my little forum

Advisory ID: HTB23248 Product: my little forum Vendor: http://mylittleforum.net/ Vulnerable Versions: 2.3.3 and probably prior Tested Version: 2.3.3 Advisory Publication: January 14, 2015 without technical details Vendor Notification: January 14, 2015 Vendor Patch: February 8, 2015 Public...

CVSS 6.5 • AI score 0.3 • EPSS 0.02421
Exploits 4

securityvulns • added 2015/02/22 12:0 a.m. • 129 views

PHP Code Execution in jui_filter_rules Parsing Library

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 PHP Code Execution in juifilterrules Parsing Library ====================================================== Researcher: Timo Schmid [email protected] Description =========== juifilterrules1 is a jQuery plugin which allows users to generate a rulese...

AI score 0.3
Exploits 0

securityvulns • added 2015/02/22 12:0 a.m. • 209 views

Elasticsearch vulnerability CVE-2015-1427

Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. We have been assigne...

CVSS 7.5 • AI score 1.6 • EPSS 0.99906
Exploits 19

securityvulns • added 2015/02/22 12:0 a.m. • 96 views

[ MDVSA-2015:040 ] zarafa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:040 http://www.mandriva.com/en/support/security/ Package : zarafa Date : February 10, 2015 Affected: Business Server 1.0 Problem Description: Updated zarafa packages fix security vulnerability: Robert Scheck...

CVSS 5 • AI score 6.3 • EPSS 0.03355
Exploits 1

securityvulns • added 2015/02/22 12:0 a.m. • 108 views

[USN-2501-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2501-1 February 17, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 7.5 • AI score 1.7 • EPSS 0.53166
Exploits 14

securityvulns • added 2015/02/22 12:0 a.m. • 80 views

PHP multiple security vulnerabilities

exifprocessunicode DoS, varunserializer.re code execution, information disclosure...

CVSS 7.5 • AI score 1.4 • EPSS 0.42593
Exploits 9 • References 2 • Affected Software 1

securityvulns • added 2015/02/16 12:0 a.m. • 56 views

[oCERT-2015-002] e2fsprogs input sanitization errors

2015-002 e2fsprogs input sanitization errors Description: The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesystems. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information...

CVSS 4.6 • AI score 9.3 • EPSS 0.00897
Exploits 0

securityvulns • added 2015/02/16 12:0 a.m. • 68 views

[SECURITY] [DSA 3160-1] xorg-server security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3160-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 11, 2015 http://www.debian.org/security/faq -...

CVSS 6.4 • AI score 1.7 • EPSS 0.04502
Exploits 0

securityvulns • added 2015/02/16 12:0 a.m. • 38 views

X.Org information disclosure

XkbSetGeometry information disclosure and DoS...

CVSS 6.4 • AI score 0.5 • EPSS 0.04502
Exploits 0 • References 1

securityvulns • added 2015/02/16 12:0 a.m. • 32 views

Cisco Secure Access Control System SQL injection

SQL injection via Web interface...

CVSS 6.5 • AI score 4.2 • EPSS 0.00916
Exploits 0 • Affected Software 1

securityvulns • added 2015/02/16 12:0 a.m. • 38 views

Open-Xchange restrictions bypass

It's possible to bypass file sharing restrictions...

CVSS 4 • AI score 2.2 • EPSS 0.02131
Exploits 0 • References 1 • Affected Software 1

securityvulns • added 2015/02/16 12:0 a.m. • 57 views

Open-Xchange Security Advisory 2015-02-12

Product: Open-Xchange Server 6 / OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 35889 Bug ID Vulnerability type: Information Exposure CWE-200 Vulnerable version: 7.6.1 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version:...

CVSS 4 • AI score 2.4 • EPSS 0.02131
Exploits 0

securityvulns • added 2015/02/16 12:0 a.m. • 42 views

libmspack / cabextract DoS

Infinite loop on extraction...

CVSS 5 • AI score 2.3 • EPSS 0.02817
Exploits 1 • References 1 • Affected Software 1

securityvulns • added 2015/02/16 12:0 a.m. • 53 views

[SECURITY] [DSA 3150-1] vlc security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3150-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 02, 2015 http://www.debian.org/security/faq -...

AI score 3.6 • EPSS 0.02373
Exploits 0

securityvulns • added 2015/02/16 12:0 a.m. • 42 views

vlc multiple security vulnerabilities

Integer overflows, buffer overflows...

AI score 3.1 • EPSS 0.02373
Exploits 0 • References 1 • Affected Software 1

securityvulns • added 2015/02/16 12:0 a.m. • 37 views

[ MDVSA-2015:044 ] perl-Gtk2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:044 http://www.mandriva.com/en/support/security/ Package : perl-Gtk2 Date : February 12, 2015 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in perl-Gtk2...

AI score 7.4
Exploits 0

securityvulns • added 2015/02/16 12:0 a.m. • 24 views

perl-Gtk2 use-after-free

Gtk2::Gdk::Display::listdevices use-after-free...

AI score 0.8
Exploits 0 • References 1 • Affected Software 1

securityvulns • added 2015/02/16 12:0 a.m. • 53 views

[ MDVSA-2015:041 ] cabextract

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:041 http://www.mandriva.com/en/support/security/ Package : cabextract Date : February 10, 2015 Affected: Business Server 1.0 Problem Description: Updated cabextract packages fix security vulnerability:...

CVSS 5 • AI score 5.1 • EPSS 0.02817
Exploits 1

securityvulns • added 2015/02/16 12:0 a.m. • 57 views

[ MDVSA-2015:045 ] e2fsprogs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:045 http://www.mandriva.com/en/support/security/ Package : e2fsprogs Date : February 12, 2015 Affected: Business Server 1.0 Problem Description: Updated e2fsprogs packages fix security vulnerability: The...

CVSS 4.6 • AI score 9.4 • EPSS 0.00897
Exploits 0

securityvulns • added 2015/02/16 12:0 a.m. • 42 views

dbus DoS

Incorrect errors handling...

CVSS 1.9 • AI score 2.2 • EPSS 0.00273
Exploits 0 • References 1 • Affected Software 1

securityvulns • added 2015/02/16 12:0 a.m. • 61 views

[SECURITY] [DSA 3161-1] dbus security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3161-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 11, 2015 http://www.debian.org/security/faq -...

CVSS 1.9 • AI score 1.1 • EPSS 0.00273
Exploits 0

Total number of security vulnerabilities: 47153