47153 matches found
[SECURITY] [DSA 3107-1] subversion security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3107-1 [email protected] http://www.debian.org/security/ Florian Weimer December 20, 2014 http://www.debian.org/security/faq -...
[oCERT-2014-010] SoX input sanitization errors
2014-010 SoX input sanitization errors Description: The SoX project is an open source tool for sound processing. The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions startread and AdpcmReadBlock. A specially crafted wav file can be used to...
APPLE-SA-2014-12-22-1 OS X NTP Security Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-12-22-1 OS X NTP Security Update OS X NTP Security Update is now available and addresses the following: ntpd Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 Impact: A remote attacker may be able ...
[SECURITY] [DSA 3108-1] ntp security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3108-1 [email protected] http://www.debian.org/security/ Florian Weimer December 20, 2014 http://www.debian.org/security/faq -...
Firebird DoS
NULL pointer dereference...
[SECURITY] [DSA 3109-1] firebird2.5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3109-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 21, 2014 http://www.debian.org/security/faq -...
CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2025 =================== "Remote Code Execution RCE via Unrestricted File Upload" CWE-434 vulnerability in "Intrexx Professional" product Vendor =================== United Planet GmbH Product =================== "Intrexx is an integrated...
Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities
Title: Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 02 November 2014 Updated: 9 December 2014 Published: 9 December 2014 MorXploit Research http://www.MorXploit.com Vendor: Concrete5 Vendor url: www.concrete5.org...
[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2014-034: SAP Business Objects Search Token Privilege Escalation via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote and potentially unauthenticated attacker would be able t...
[SECURITY] [DSA 3104-1] bsd-mailx security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3104-1 [email protected] http://www.debian.org/security/ Florian Weimer December 16, 2014 http://www.debian.org/security/faq -...
Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability
Document Title: =============== Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1362 Release Date: ============= 2014-12-04 Vulnerability Laboratory ID VL-ID: ==================================== 1362...
"Ettercap 8.0 - 8.1" multiple vulnerabilities
"Ettercap 8.0 - 8.1" multiple vulnerabilities Description ------------------------------------------------------------ Twelve vulnerabilities exist on ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified: ...
Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]
Merry Christmas. --------------------------------------------------------------------- http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt --------------------------------------------------------------------- modzero Security Advisory: Vulnerabilities in Ekahau Real-Time Location System...
NetIQ eDirectory NDS iMonitor security vulnerabilities
Cross-site scripting, information leakage...
[SECURITY] [DSA 3105-1] heirloom-mailx security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3105-1 [email protected] http://www.debian.org/security/ Florian Weimer December 16, 2014 http://www.debian.org/security/faq -...
Different mailx versions security vulnerabilities
Shell characters injection...
TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch Affected Software : TWiki Affected Versions: 6.0.1 and possibly below Vendor Homepage : http://www.twiki.org/ Vulnerability Type : Cross-site Scripting Severity :...
Elefant CMS v1.3.9 - Persistent Name Update Vulnerability
Document Title: =============== Elefant CMS v1.3.9 - Persistent Name Update Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1365 Release Date: ============= 2014-12-03 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2026 =================== "Reflected Cross-Site Scripting XSS" CWE-79 vulnerability in "Intrexx Professional" product Vendor =================== United Planet GmbH Product =================== "Intrexx is an integrated cross-platform developmen...
[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities
======================================================================== Revive Adserver Security Advisory REVIVE-SA-2014-002 ------------------------------------------------------------------------ http://www.revive-adserver.com/security/revive-sa-2014-002...
CA20141215-01: Security Notice for CA LISA Release Automation
-----BEGIN PGP SIGNED MESSAGE----- CA20141215-01: Security Notice for CA LISA Release Automation Issued: December 15, 2014 CA Technologies Support is alerting customers to multiple vulnerabilities in CA Release Automation formerly CA LISA Release Automation, change effective 2014-09-19. The first...
Docker 1.3.3 - Security Advisory [11 Dec 2014]
Docker 1.3.3 has been released to address several vulnerabilities and is immediately available for all supported platforms: https://docs.docker.com/installation/ This release addresses vulnerabilities which could be exploited by a malicious Dockerfile, image, or registry to compromise a Docker...
SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager
SEC Consult Vulnerability Lab Security Advisory 20141218-2 ======================================================================= title: Multiple high risk vulnerabilities product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP1 Hot Fix 3 CVE number: CVE-2014-5214,...
ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities
Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Petri Iivonen Contact: petri.iivonenattmbcgovuk Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software:...
libYAML DoS
Assertion on strings parsing...
Apache mod_wsgi privilege escalation
Invalid error processing can lead to privilege escalation...
NetIQ Access Manager multiple security vulnerabilities
XXE, CSRF, XSS, information leakage...
ettercap multiple security vulnerabilities
Multiple memory corruptions in different protocol dissectors...
getmail security vulnerabilities
Multiple vulnerabilities in certificate checks...
GNU cpio buffer overflow
Buffer overflow in processcopyin function...
[CVE-2014-8340] phpTrafficA SQL injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: An SQL injection exists in Php/Functions/logfunction.php, line 933: $sql3 ="INSERT INTO $tablehost SET...
iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability
Document Title: =============== iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1375 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9336 CVE-ID: ======= CVE-2014-9336 Release Date:...
CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: WordPress plugin cm-download-manager Plugin page: https://wordpress.org/plugins/cm-download-manager/ Vendor: CreativeMindsSolutions http://cminds.com/ Vulnerability Type: CWE-79: Cross-site scripting Vulnerable Versions: 2.0.6 and below Fixed...
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability
Document Title: =============== Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1372 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9334 CVE-ID: ======= CVE-2014-9334 Release Date:...
Jease CMS v2.11 - Persistent UI Web Vulnerability
Document Title: =============== Jease CMS v2.11 - Persistent UI Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1373 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8780 CVE-ID: ======= CVE-2014-8780 Release Date: =============...
[ MDVSA-2014:250 ] cpio
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:250 http://www.mandriva.com/en/support/security/ Package : cpio Date : December 14, 2014 Affected: Business Server 1.0 Problem Description: Updated cpio package fixes security vulnerability: Heap-based buffe...
[SECURITY] [DSA 3091-1] getmail4 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3091-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano December 07, 2014 http://www.debian.org/security/faq -...
SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor
SEC Consult Vulnerability Lab Security Advisory 20141219-0 ======================================================================= title: XSS & Memory Disclosure product: NetIQ eDirectory NDS iMonitor vulnerable version: 8.8 SP8, 8.8 SP7 fixed version: 8.8 SP8 HF 4, fix available for versions 8.8...
Cross-Site Scripting (XSS) in Revive Adserver
Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...
[ MDVSA-2014:243 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:243 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : December 14, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in...
[SECURITY] [DSA 3100-1] mediawiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3100-1 [email protected] http://www.debian.org/security/ Sebastien Delafond December 12, 2014 http://www.debian.org/security/faq -...
W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface
Title: W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface Author: Mazin Ahmed Date of Discovering: October 6th, 2014 Date of Reporting to the Vendor: October 7th, 2014 Date of Releasing a Patch: December 9th, 2014 Vulnerability Type: Cross-Site Request Forgery CSRF -...
Ekahau Real-Time Location Tracking System weak encryption
It's possible to read and generate messages...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04530570 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04530570 Version: 1 HPSBOV03225 rev....
TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING in TWiki Affected Software : TWiki Affected Versions: 6.0.1 and possibly below Vendor Homepage : http://www.twiki.org/ Vulnerability Type : Cross-site Scripting Severity :...
CMS Made Simple PHP Code Injection Vulnerability (All versions)
CMS Made Simple PHP Code Injection Vulnerability All versions 2014-12-02 SAHM @post.com cmsmadesimple.org All versions ---exploit A malicious attacker can intrude every CMSMS-installed website by taking the following steps: Open the /install folder from the URL The cms doesn't force users to dele...
E-Journal CMS (ID) - Multiple Web Vulnerabilities
Document Title: =============== E-Journal CMS ID - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1380 Release Date: ============= 2014-12-17 Vulnerability Laboratory ID VL-ID: ==================================== 1380 Commo...
RPM security vulnerabilities
Integer overflow, code execution...
[ MDVSA-2014:251 ] rpm
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:251 http://www.mandriva.com/en/support/security/ Package : rpm Date : December 14, 2014 Affected: Business Server 1.0 Problem Description: Updated rpm packages fix security vulnerabilities: It was found that...