
47153 matches found

securityvulns, added 2014/12/23 12:00 a.m., 100 views

[SECURITY] [DSA 3108-1] ntp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3108-1 [email protected] http://www.debian.org/security/ Florian Weimer December 20, 2014 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 1.4, EPSS 0.57272, Exploits 4

securityvulns, added 2014/12/23 12:00 a.m., 99 views

[SECURITY] [DSA 3107-1] subversion security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3107-1 [email protected] http://www.debian.org/security/ Florian Weimer December 20, 2014 http://www.debian.org/security/faq -...

CVSS 5, AI score 1.7, EPSS 0.13653, Exploits 0

securityvulns, added 2014/12/23 12:00 a.m., 80 views

APPLE-SA-2014-12-22-1 OS X NTP Security Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-12-22-1 OS X NTP Security Update OS X NTP Security Update is now available and addresses the following: ntpd Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 Impact: A remote attacker may be able ...

CVSS 7.5, AI score 1.5, EPSS 0.57272, Exploits 1

securityvulns, added 2014/12/23 12:00 a.m., 145 views

[SECURITY] [DSA 3109-1] firebird2.5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3109-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 21, 2014 http://www.debian.org/security/faq -...

CVSS 5, AI score 1.8, EPSS 0.01484, Exploits 1

securityvulns, added 2014/12/23 12:00 a.m., 67 views

[oCERT-2014-011] UnZip input sanitization errors

2014-011 UnZip input sanitization errors Description: The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the testcompreb and the getZip64Data functions...

AI score 0.4, EPSS 0.09808, Exploits 0

securityvulns, added 2014/12/23 12:00 a.m., 87 views

PHP security vulnerabilities

Use-after-free in unserialize...

CVSS 10, AI score 2.5, EPSS 0.8832, Exploits 8, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 41 views

[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04530570 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04530570 Version: 1 HPSBOV03225 rev....

CVSS 5, AI score 0.3, EPSS 0.01324, Exploits 0

securityvulns, added 2014/12/22 12:00 a.m., 65 views

[CVE-2014-8340] phpTrafficA SQL injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: An SQL injection exists in Php/Functions/logfunction.php, line 933: $sql3 ="INSERT INTO $tablehost SET...

AI score 7.8, EPSS 0.00319, Exploits 3

securityvulns, added 2014/12/22 12:00 a.m., 63 views

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 Xcode 6.2 beta 3 is now available and addresses the following: Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .gi...

AI score 0.4, EPSS 0.77155, Exploits 5

securityvulns, added 2014/12/22 12:00 a.m., 38 views

GParted code execution

Command injections...

CVSS 7.2, AI score 3, EPSS 0.00532, Exploits 5, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 32 views

libYAML DoS

Assertion on string parsing...

CVSS 5, AI score 3.3, EPSS 0.5763, Exploits 1, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 63 views

Jease CMS v2.11 - Persistent UI Web Vulnerability

Document Title: =============== Jease CMS v2.11 - Persistent UI Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1373 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8780 CVE-ID: ======= CVE-2014-8780 Release Date: =============...

CVSS 3.5, EPSS 0.00138, Exploits 3

securityvulns, added 2014/12/22 12:00 a.m., 41 views

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted

SEC Consult Vulnerability Lab Security Advisory 20141218-1 ======================================================================= title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.14.1 fixed version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 applied C...

CVSS 7.2, AI score 0.1, EPSS 0.00532, Exploits 5

securityvulns, added 2014/12/22 12:00 a.m., 34 views

c-icap DoS

A few different DoS conditions...

CVSS 5, AI score 1.2, EPSS 0.01382, Exploits 1, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 38 views

getmail security vulnerabilities

Multiple vulnerabilities in certificate checks...

CVSS 6.8, AI score 2, EPSS 0.0021, Exploits 0, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 46 views

iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability

Document Title: =============== iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1375 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9336 CVE-ID: ======= CVE-2014-9336 Release Date:...

CVSS 6.8, AI score 6.1, EPSS 0.00095, Exploits 5

securityvulns, added 2014/12/22 12:00 a.m., 67 views

Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability

Document Title: =============== Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1357 Release Date: ============= 2014-12-02 Vulnerability Laboratory ID VL-ID: ==================================== 1357...

AI score 6.6, Exploits 0

securityvulns, added 2014/12/22 12:00 a.m., 51 views

Morfy CMS v1.05 - Command Execution Vulnerability

Document Title: =============== Morfy CMS v1.05 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1367 https://github.com/Awilum/monstra-cms/issues/351 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185 CVE-ID:...

CVSS 6.5, AI score 0.2, EPSS 0.00554, Exploits 4

securityvulns, added 2014/12/22 12:00 a.m., 164 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.15266, Exploits 27, References 25, Affected Software 17

securityvulns, added 2014/12/22 12:00 a.m., 42 views

Docker multiple security vulnerabilities

Symbolic links vulnerability, directory traversal, privilege escalation...

CVSS 10, AI score 3.3, EPSS 0.36182, Exploits 0, References 2, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 113 views

[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2014-034: SAP Business Objects Search Token Privilege Escalation via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote and potentially unauthenticated attacker would be able t...

AI score 0.2, EPSS 0.09493, Exploits 0

securityvulns, added 2014/12/22 12:00 a.m., 71 views

Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities

Title: Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 02 November 2014 Updated: 9 December 2014 Published: 9 December 2014 MorXploit Research http://www.MorXploit.com Vendor: Concrete5 Vendor url: www.concrete5.org...

AI score 5.6, Exploits 0

securityvulns, added 2014/12/22 12:00 a.m., 45 views

[SECURITY] [DSA 3101-1] c-icap security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3101-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 13, 2014 http://www.debian.org/security/faq -...

CVSS 5, AI score 2, EPSS 0.01382, Exploits 1

securityvulns, added 2014/12/22 12:00 a.m., 29 views

CA LISA Release Automation multiple security vulnerabilities

XSS, CSRF, SQL injection...

CVSS 6.8, AI score 2.8, EPSS 0.04512, Exploits 0, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 58 views

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325

Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING in TWiki Affected Software : TWiki Affected Versions: 6.0.1 and possibly below Vendor Homepage : http://www.twiki.org/ Vulnerability Type : Cross-site Scripting Severity :...

CVSS 4.3, AI score 0.3, EPSS 0.00336, Exploits 2

securityvulns, added 2014/12/22 12:00 a.m., 106 views

CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2026 =================== "Reflected Cross-Site Scripting XSS" CWE-79 vulnerability in "Intrexx Professional" product Vendor =================== United Planet GmbH Product =================== "Intrexx is an integrated cross-platform developmen...

CVSS 4.3, AI score 0.3, EPSS 0.00295, Exploits 0

securityvulns, added 2014/12/22 12:00 a.m., 31 views

HP OpenVMS POP3 DoS

No description provided...

CVSS 5, AI score 0.5, EPSS 0.01324, Exploits 0, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 47 views

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor

SEC Consult Vulnerability Lab Security Advisory 20141219-0 ======================================================================= title: XSS & Memory Disclosure product: NetIQ eDirectory NDS iMonitor vulnerable version: 8.8 SP8, 8.8 SP7 fixed version: 8.8 SP8 HF 4, fix available for versions 8.8...

CVSS 4.3, AI score 0.2, EPSS 0.12722, Exploits 2

securityvulns, added 2014/12/22 12:00 a.m., 43 views

Apple Xcode git client unauthorized files access

Invalid processing of character case in special file names...

AI score 4.4, EPSS 0.77155, Exploits 5, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 55 views

"Ettercap 8.0 - 8.1" multiple vulnerabilities

"Ettercap 8.0 - 8.1" multiple vulnerabilities Description ------------------------------------------------------------ Twelve vulnerabilities exist on ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified: ...

CVSS 7.5, AI score 1.9, EPSS 0.26583, Exploits 4

securityvulns, added 2014/12/22 12:00 a.m., 87 views

[SECURITY] [DSA 3100-1] mediawiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3100-1 [email protected] http://www.debian.org/security/ Sebastien Delafond December 12, 2014 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 0.7, EPSS 0.00862, Exploits 1

securityvulns, added 2014/12/22 12:00 a.m., 94 views

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367

Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch Affected Software : TWiki Affected Versions: 6.0.1 and possibly below Vendor Homepage : http://www.twiki.org/ Vulnerability Type : Cross-site Scripting Severity :...

CVSS 4.3, AI score 0.2, EPSS 0.00336, Exploits 2

securityvulns, added 2014/12/22 12:00 a.m., 36 views

NetIQ eDirectory NDS iMonitor security vulnerabilities

Cross-site scripting, information leakage...

CVSS 4.3, AI score 1.5, EPSS 0.12722, Exploits 2, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 53 views

[SECURITY] [DSA 3091-1] getmail4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3091-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano December 07, 2014 http://www.debian.org/security/faq -...

CVSS 6.8, AI score 3.2, EPSS 0.0021, Exploits 0

securityvulns, added 2014/12/22 12:00 a.m., 88 views

[SECURITY] [DSA 3104-1] bsd-mailx security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3104-1 [email protected] http://www.debian.org/security/ Florian Weimer December 16, 2014 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 1, EPSS 0.02879, Exploits 1

securityvulns, added 2014/12/22 12:00 a.m., 61 views

Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability

Document Title: =============== Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1362 Release Date: ============= 2014-12-04 Vulnerability Laboratory ID VL-ID: ==================================== 1362...

AI score 7.1, Exploits 0

securityvulns, added 2014/12/22 12:00 a.m., 33 views

Apache mod_wsgi privilege escalation

Invalid error processing can lead to privilege escalation...

CVSS 6.9, AI score 3.1, EPSS 0.00107, Exploits 0, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 33 views

W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface

Title: W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface Author: Mazin Ahmed Date of Discovering: October 6th, 2014 Date of Reporting to the Vendor: October 7th, 2014 Date of Releasing a Patch: December 9th, 2014 Vulnerability Type: Cross-Site Request Forgery CSRF -...

AI score 0.2, Exploits 0

securityvulns, added 2014/12/22 12:00 a.m., 69 views

Cross-Site Scripting (XSS) in Revive Adserver

Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...

CVSS 4.3, AI score 0.1, EPSS 0.00445, Exploits 3

securityvulns, added 2014/12/22 12:00 a.m., 44 views

secuvera-SA-2014-01: Reflected XSS in W3 Total Cache

secuvera-SA-2014-01: Reflected XSS in W3 Total Cache Affected Products W3 Total Cache 0.9.4 older releases have not been tested "The only WordPress Performance Optimization WPO framework; designed to improve user experience and page speed. .. W3 Total Cache improves the user experience of your si...

CVSS 4.3, AI score 5.2, EPSS 0.00347, Exploits 2

securityvulns, added 2014/12/22 12:00 a.m., 65 views

CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: WordPress plugin cm-download-manager Plugin page: https://wordpress.org/plugins/cm-download-manager/ Vendor: CreativeMindsSolutions http://cminds.com/ Vulnerability Type: CWE-79: Cross-site scripting Vulnerable Versions: 2.0.6 and below Fixed...

CVSS 6.8, AI score 0.5, EPSS 0.00262, Exploits 2

securityvulns, added 2014/12/22 12:00 a.m., 31 views

SAP applications multiple security vulnerabilities

Unauthorized access, cross-site scripting, backdoor account, authentication bypass, unencrypted password transfer...

CVSS 9, AI score 3, EPSS 0.02043, Exploits 0, References 18

securityvulns, added 2014/12/22 12:00 a.m., 120 views

[ MDVSA-2014:243 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:243 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : December 14, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

CVSS 5, AI score 8, EPSS 0.15266, Exploits 6

securityvulns, added 2014/12/22 12:00 a.m., 46 views

[ MDVSA-2014:251 ] rpm

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:251 http://www.mandriva.com/en/support/security/ Package : rpm Date : December 14, 2014 Affected: Business Server 1.0 Problem Description: Updated rpm packages fix security vulnerabilities: It was found that...

CVSS 10, AI score 7.7, EPSS 0.1118, Exploits 0

securityvulns, added 2014/12/22 12:00 a.m., 59 views

Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability

Document Title: =============== Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1372 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9334 CVE-ID: ======= CVE-2014-9334 Release Date:...

CVSS 6.8, AI score 5.7, EPSS 0.00143, Exploits 4

securityvulns, added 2014/12/22 12:00 a.m., 68 views

[SECURITY] [DSA 3105-1] heirloom-mailx security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3105-1 [email protected] http://www.debian.org/security/ Florian Weimer December 16, 2014 http://www.debian.org/security/faq -...

CVSS 7.5, EPSS 0.02879, Exploits 1

securityvulns, added 2014/12/22 12:00 a.m., 57 views

[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2014-002 ------------------------------------------------------------------------ http://www.revive-adserver.com/security/revive-sa-2014-002...

CVSS 5, AI score 6.8, EPSS 0.00734, Exploits 3

securityvulns, added 2014/12/22 12:00 a.m., 39 views

NetIQ Access Manager multiple security vulnerabilities

XXE, CSRF, XSS, information leakage...

CVSS 6.8, AI score 2.5, EPSS 0.09328, Exploits 8, References 1, Affected Software 1

securityvulns, added 2014/12/22 12:00 a.m., 147 views

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager

SEC Consult Vulnerability Lab Security Advisory 20141218-2 ======================================================================= title: Multiple high risk vulnerabilities product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP1 Hot Fix 3 CVE number: CVE-2014-5214,...

CVSS 6.8, AI score 0.4, EPSS 0.09328, Exploits 8

securityvulns, added 2014/12/22 12:00 a.m., 39 views

GNU cpio buffer overflow

Buffer overflow in processcopyin function...

CVSS 5, AI score 4.2, EPSS 0.01343, Exploits 1, References 1, Affected Software 1

Total number of security vulnerabilities: 47153