47153 matches found
CMS Made Simple PHP Code Injection Vulnerability (All versions)
CMS Made Simple PHP Code Injection Vulnerability All versions 2014-12-02 SAHM @post.com cmsmadesimple.org All versions ---exploit A malicious attacker can intrude every CMSMS-installed website by taking the following steps: Open the /install folder from the URL The cms doesn't force users to dele...
[oCERT-2014-012] JasPer input sanitization errors
2014-012 JasPer input sanitization errors Description: The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by a double-free vulnerability in function jas_iccattrval_destroy as well as a heap-based buffer overflow in function jp2_decode. A specially...
[SECURITY] [DSA 3102-1] libyaml security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3102-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 13, 2014 http://www.debian.org/security/faq -...
E-Journal CMS (ID) - Multiple Web Vulnerabilities
Document Title: =============== E-Journal CMS ID - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1380 Release Date: ============= 2014-12-17 Vulnerability Laboratory ID VL-ID: ==================================== 1380 Commo...
Elefant CMS v1.3.9 - Persistent Name Update Vulnerability
Document Title: =============== Elefant CMS v1.3.9 - Persistent Name Update Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1365 Release Date: ============= 2014-12-03 Vulnerability Laboratory ID VL-ID: ====================================...
Different mailx versions security vulnerabilities
Shell characters injection...
Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01]
Merry Christmas. --------------------------------------------------------------------- http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt --------------------------------------------------------------------- modzero Security Advisory: Vulnerabilities in Ekahau Real-Time Location System...
[ MDVSA-2014:250 ] cpio
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:250 http://www.mandriva.com/en/support/security/ Package : cpio Date : December 14, 2014 Affected: Business Server 1.0 Problem Description: Updated cpio package fixes security vulnerability: Heap-based buffe...
CVE-2014-9215 - SQL Injection in PBBoard CMS
Vulnerability title: SQL Injection in PBBoard CMS CVE: CVE-2014-9215 CMS: PBBoard Vendor: Power bulletin board - http://www.pbboard.info/ Product: http://sourceforge.net/projects/pbboard/files/PBBoardv3.0.1/PBBoardv3.0.1.zip/download Affected version: Version 3.0.1 updated on 13/09/2014 and befor...
[ MDVSA-2014:253 ] apache-mod_wsgi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:253 http://www.mandriva.com/en/support/security/ Package : apache-mod_wsgi Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated apache-mod_wsgi package fixes security...
Ekahau Real-Time Location Tracking System weak encryption
It's possible to read and generate messages...
Docker 1.3.3 - Security Advisory [11 Dec 2014]
Docker 1.3.3 has been released to address several vulnerabilities and is immediately available for all supported platforms: https://docs.docker.com/installation/ This release addresses vulnerabilities which could be exploited by a malicious Dockerfile, image, or registry to compromise a Docker...
Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701
Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...
CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2025 =================== "Remote Code Execution RCE via Unrestricted File Upload" CWE-434 vulnerability in "Intrexx Professional" product Vendor =================== United Planet GmbH Product =================== "Intrexx is an integrated...
Mozilla nss information leakage
Information leakage in QuickDER decoder...
RPM security vulnerabilities
Integer overflow, code execution...
ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities
Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Petri Iivonen Contact: petri.iivonenattmbcgovuk Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software:...
CA20141215-01: Security Notice for CA LISA Release Automation
-----BEGIN PGP SIGNED MESSAGE----- CA20141215-01: Security Notice for CA LISA Release Automation Issued: December 15, 2014 CA Technologies Support is alerting customers to multiple vulnerabilities in CA Release Automation formerly CA LISA Release Automation, change effective 2014-09-19. The first...
[ MDVSA-2014:252 ] nss
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:252 http://www.mandriva.com/en/support/security/ Package : nss Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated nss packages fix security vulnerabilities: In the QuickDER...
ettercap multiple security vulnerabilities
Multiple memory corruptions in different protocol dissectors...
APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 are now available and include the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1: https://support.apple.com/en-us/HT659...
[USN-2441-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2441-1 December 12, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Apple iOS v8.x - Message Context & Privacy Vulnerability
Document Title: =============== Apple iOS v8.x - Message Context & Privacy Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1346 Video: http://www.vulnerability-lab.com/getcontent.php?id=1350 Release Date: ============= 2014-12-16...
Apple iOS multiple security vulnerabilities
Information leakage, unsigned code execution, code execution, restrictions bypass, memory corruption...
Linux kernel multiple security vulnerabilities
DoS via SCTP, TechnoTrend/Hauppauge DEC USB driver buffer overflow, invalid registers handling in x86, ASLR bypass...
Apple Safari / Webkit multiple security vulnerabilities
Multiple memory corruptions...
[security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04302476 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04302476 Version: 1 HPSBMU03043 rev....
X.Org X server and video drivers multiple security vulnerabilities
Multiple memory corruptions and privilege escalations...
[SECURITY] [DSA 3093-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3093-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 08, 2014 http://www.debian.org/security/faq -...
[CVE-2014-7302] SGI SUID Root Privilege Escalation
SGI SUID Root Privilege Escalation Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7302 Author: Luke Jennings, John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Descriptio...
[CVE-2014-7301] SGI Tempo System Database Password Exposure
SGI Tempo System Database Password Exposure Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7301 Author: John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Description It i...
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2014-0012 Synopsis: VMware vSphere product updates address security vulnerabilities Issue date: 2014-12-04 Updated on: 2014-12-04...
Asterisk DoS
WebSocket Server request parsing DoS...
NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2014-0014 Synopsis: AirWatch by VMware product update addresses information disclosure vulnerabilities Issue date: 2014-12-10 Updated...
[SECURITY] [DSA 3097-1] unbound security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3097-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 10, 2014 http://www.debian.org/security/faq -...
Offset2lib: bypassing full ASLR on 64bit Linux
Hi, This is a disclosure of a weakness of the ASLR Linux implementation. The problem appears when the executable is PIE compiled and it has an address leak belonging to the executable. We named this weakness: offset2lib. In this scenario, an attacker is able to de-randomize all mmapped areas...
graphviz memory corruption
Format string vulnerability on graphics format parsing...
[CVE-2014-7303] SGI Tempo System Database Exposure
SGI Tempo System Database Exposure Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7303 Author: John Fitzpatrick, MWR Labs Severity: Low Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Description It is possible f...
unbound DoS
Resource exhaustion in recursive request handling...
NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2014-0013 Synopsis: VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability Issu...
HP Smart Update Manager information disclosure
No description provided...
APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and addresses the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite...
PowerDNS Recursor DoS
Resource exhaustion...
[USN-2438-1] NVIDIA graphics drivers vulnerabilities
========================================================================== Ubuntu Security Notice USN-2438-1 December 10, 2014 nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-331, nvidia-graphics-drivers-331-updates vulnerabilities...
[SECURITY] [DSA 3096-1] pdns-recursor security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3096-1 [email protected] http://www.debian.org/security/ Sebastien Delafond December 11, 2014 http://www.debian.org/security/faq -...
SGI Tempo multiple security vulnerabilities
Privilege escalation, information leakage...
VMware AirWatch information disclosure
It's possible to access information of a different tenant...
VMware vSphere multiple security vulnerabilities
Cross-site scripting, certificate validation issues, vulnerabilities in 3rd party packages...
AST-2014-019: Remote Crash Vulnerability in WebSocket Server
Asterisk Project Security Advisory - AST-2014-019 Product Asterisk Summary Remote Crash Vulnerability in WebSocket Server Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On 30 October 2014 Reported By Badalian...
VMware vCloud Automation Center privilege escalation
Privilege escalation via "Connect by Using VMRC" functionality...