
47153 matches found

securityvulns, added 2014/12/01 12:00 a.m., 38 views

mutt DoS

Crash on password parsing...

CVSS 5 | AI score 2.3 | EPSS 0.03515
Exploits 1 | References 1 | Affected Software 1

securityvulns, added 2014/12/01 12:00 a.m., 62 views

Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fundacion Dr. Manuel Sadosky - Programa STIC Advisory http://www.fundacionsadosky.org.ar Insecure management of login credentials in PicsArt Photo Studio for Android 1. Advisory Information Title: Insecure management of login credentials in PicsArt...

CVSS 5.4 | AI score 0.2 | EPSS 0.00134
Exploits 2

securityvulns, added 2014/12/01 12:00 a.m., 49 views

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure

Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password. Details ======= Product: EntryPass N5200 Active Network Control Panel Affected...

CVSS 7.8 | AI score 6.8 | EPSS 0.15335
Exploits 5

securityvulns, added 2014/12/01 12:00 a.m., 25 views

HP-UX authentication bypass

HP-UX libpamupdbe authentication bypass...

CVSS 8.5 | AI score 2.6 | EPSS 0.00421
Exploits 0 | References 1 | Affected Software 1

securityvulns, added 2014/12/01 12:00 a.m., 154 views

[CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper

Hello, Cross Site Scripting XSS vulnerability exists in videowhisper module for Drupal 7. Vendor Notification: 22, Oct 2014 Vulnerable file: drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php POC:...

AI score 1.9 | EPSS 0.00366
Exploits 2

securityvulns, added 2014/12/01 12:00 a.m., 67 views

[USN-2414-1] KDE-Runtime vulnerability

========================================================================== Ubuntu Security Notice USN-2414-1 November 24, 2014 kde-runtime vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

CVSS 4.3 | AI score 0.8 | EPSS 0.00283
Exploits 2

securityvulns, added 2014/12/01 12:00 a.m., 70 views

WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034)

author details: John M. [email protected] homepage details: SECURELI.com Description: CVE-2014-9034 was published recently, highlighting an issue that “allows remote attackers to cause a denial of service CPU consumption via a long password that is improperly handled during hashing” due to phpass...

CVSS 5 | AI score 1.8 | EPSS 0.8017
Exploits 7

securityvulns, added 2014/12/01 12:00 a.m., 92 views

[ MDVSA-2014:233 ] wordpress

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:233 http://www.mandriva.com/en/support/security/ Package : wordpress Date : November 27, 2014 Affected: Business Server 1.0 Problem Description: Updated wordpress package fixes security vulnerabilities: XSS ...

CVSS 6.8 | AI score 6 | EPSS 0.8017
Exploits 8

securityvulns, added 2014/12/01 12:00 a.m., 29 views

Alcatel Lucent 1830 Photonic Service Switch XSS

XSS in web interface...

AI score 1.9 | EPSS 0.00195
Exploits 2 | References 1 | Affected Software 1

securityvulns, added 2014/12/01 12:00 a.m., 57 views

WordPress 3 persistent script injection

OVERVIEW ======== A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don't require authentication by default. The JavaScript injected into a comment is executed when the targe...

AI score 6.7
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 66 views

CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4

SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2014-3809 Product: 1830 Photonic Service Switch PSS-32/16/4 Vendor: Alcatel-Lucent Subject: Reflected Cross-site Scripting - XSS Effect: Remotely exploitable Author: Stephan Rickauer stephan.rickauer at swisscom.com Date:...

AI score 0.2 | EPSS 0.00195
Exploits 2

securityvulns, added 2014/12/01 12:00 a.m., 54 views

CVE-2014-5439 - Root shell on Sniffit [with exploit]

CVE-2014-5439 - Root shell on Sniffit Sniffit is a packet sniffer and monitoring tool. The attacker can create a specially-crafted sniffit configuration file, which is able to bypass all three protection mechanisms: - Non-eXecutable bit NX - Stack Smashing Protector SSP - Address Space Layout...

AI score 1.3 | EPSS 0.00422
Exploits 2

securityvulns, added 2014/12/01 12:00 a.m., 52 views

XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities

Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...

AI score 7.7
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 86 views

CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM

Vulnerability title: Multiple SQL Injections in Dolibarr ERP & CRM CVE: CVE-2014-7137 Vendor: Dolibarr ERP & CRM Product: Dolibarr ERP & CRM Affected version: 3.5.3 Fixed version: 3.6.1 Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed within the software as an...

CVSS 6.5 | AI score 6.8 | EPSS 0.00335
Exploits 3

securityvulns, added 2014/12/01 12:00 a.m., 58 views

[USN-2405-1] OpenStack Cinder vulnerabilities

========================================================================== Ubuntu Security Notice USN-2405-1 November 11, 2014 cinder vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4 | AI score 1 | EPSS 0.00329
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 130 views

[ MDVSA-2014:228 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:228 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : November 26, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

CVSS 6.5 | AI score 6.6 | EPSS 0.02772
Exploits 3

securityvulns, added 2014/12/01 12:00 a.m., 65 views

Docker 1.3.2 - Security Advisory [24 Nov 2014]

Today, we are releasing Docker 1.3.2 in order to address two critical security issues. This release also includes several bugfixes, including changes to the insecure-registry option. Below are CVE descriptions for the vulnerabilities addressed in this release. Docker 1.3.2 is available immediatel...

CVSS 7.5 | AI score 1.1 | EPSS 0.05856
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 69 views

Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms

Advisory ID: HTB23226 Product: Forma Lms Vendor: http://www.formalms.org/ Vulnerable Versions: 1.2.1 and probably prior Tested Version: 1.2.1 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August 6, 2014 Vendor Patch: November 4, 2014 Public Disclosure: Novemb...

CVSS 4.3 | AI score 6.8 | EPSS 0.004
Exploits 2

securityvulns, added 2014/12/01 12:00 a.m., 56 views

[USN-2408-1] OpenStack Neutron vulnerability

========================================================================== Ubuntu Security Notice USN-2408-1 November 11, 2014 neutron vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4 | AI score 1.1 | EPSS 0.00573
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 56 views

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin

!/bin/bash Larry W. Cashdollar, @larry0 Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on 20141031 assumes the wordpress database is wordpress and the table prefix is wp...

AI score 6.9
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 46 views

Wordpress bulletproof-security <=.51 multiple vulnerabilities

Vulnerability title: Wordpress bulletproof-security <=.51 multiple vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749 Vendor: AITpro Product: bulletproof-security Affected version: bulletproof-security <= .51 Vulnerabilities fixed in version: .51.1 Details: xss...

CVSS 6.5 | AI score 2.4 | EPSS 0.00923
Exploits 4

securityvulns, added 2014/12/01 12:00 a.m., 53 views

[USN-2407-1] OpenStack Nova vulnerabilities

========================================================================== Ubuntu Security Notice USN-2407-1 November 11, 2014 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 2.7 | AI score 0.6 | EPSS 0.00689
Exploits 2

securityvulns, added 2014/12/01 12:00 a.m., 30 views

[security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04500238 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04500238 Version: 1 HPSBMU03190 rev....

CVSS 10 | AI score 0.4 | EPSS 0.28809
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 98 views

CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2

CVE-2014-8731 CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C CVSSv2 Base Score=10.0 CVSSv2 Temp Score=9.5 OWASP Top 10 classification: A1 - Injection PHPMemcachedAdmin is a web-based frontend for Linux's memcached Daemon. Project Homepage: https://code.google.com/p/phpmemcacheadmin/...

CVSS 10 | AI score 1.7 | EPSS 0.4714
Exploits 1

securityvulns, added 2014/12/01 12:00 a.m., 66 views

Cross-Site Request Forgery (CSRF) in xEpan

Advisory ID: HTB23240 Product: xEpan Vendor: Xavoc Technocrats Pvt. Ltd. Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 22, 2014 without technical details Vendor Notification: October 22, 2014 Public Disclosure: November 26, 2014 Vulnerability...

CVSS 6.8 | AI score 0.2 | EPSS 0.00559
Exploits 5

securityvulns, added 2014/12/01 12:00 a.m., 40 views

[security bulletin] HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04511778 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04511778 Version: 1 HPSBUX03166...

CVSS 8.5 | AI score 0.5 | EPSS 0.00421
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 34 views

[CORE-2014-0008] - Advantech AdamView Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech AdamView Buffer Overflow 1. Advisory Information Title: Advantech AdamView Buffer Overflow Advisory ID: CORE-2014-0008 Advisory URL: http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow Date...

CVSS 7.5 | AI score 7 | EPSS 0.27881
Exploits 7

securityvulns, added 2014/12/01 12:00 a.m., 35 views

Advantech WebAccess buffer overflow

ActiveX buffer overflow...

CVSS 7.2 | AI score 4.8 | EPSS 0.00246
Exploits 1 | References 1

securityvulns, added 2014/12/01 12:00 a.m., 93 views

[ MDVSA-2014:221 ] php-smarty

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:221 http://www.mandriva.com/en/support/security/ Package : php-smarty Date : November 21, 2014 Affected: Business Server 1.0 Problem Description: References: https://vulners.com/cve/CVE-2012-4437...

CVSS 7.5 | AI score 6 | EPSS 0.0057
Exploits 1

securityvulns, added 2014/12/01 12:00 a.m., 147 views

[SECURITY] [DSA 3075-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3075-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 20, 2014 http://www.debian.org/security/faq -...

CVSS 6.8 | AI score 0.9 | EPSS 0.79786
Exploits 3

securityvulns, added 2014/12/01 12:00 a.m., 134 views

[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC)

ESNC-2039348 Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance SAP GRC Please refer to http://www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business...

CVSS 9 | AI score 1 | EPSS 0.02043
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 64 views

CVE-2014-8732

CVE-2014-8732 CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C CVSSv2 Base Score=7.5 CVSSv2 Temp Score=7.5 OWASP Top 10 classification: A3 - Cross Site Scripting There is a stored xss vulnerability in phpMemcachedAdmin. Most of the user-specified input fields which are displayed on several...

CVSS 4.3 | AI score 2 | EPSS 0.00295
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 73 views

[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360

Hi, This is the 8th part of the ManageOwnage series. For previous parts see 1. This time we have a file upload leading to remote code execution and a blind SQL injection in ManageEngine OpManager, Social IT Plus and IT360. ManageEngine have released an emergency fix, see details in the advisory...

CVSS 7.5 | AI score 0.9 | EPSS 0.80004
Exploits 11

securityvulns, added 2014/12/01 12:00 a.m., 35 views

Advantech EKI-6340 code execution

Shell commands injection in Web interface...

CVSS 9 | AI score 2.7 | EPSS 0.13448
Exploits 5 | References 1

securityvulns, added 2014/12/01 12:00 a.m., 63 views

[SECURITY] [DSA 3083-1] mutt security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3083-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 30, 2014 http://www.debian.org/security/faq -...

CVSS 5 | AI score 1.1 | EPSS 0.03515
Exploits 1

securityvulns, added 2014/12/01 12:00 a.m., 37 views

Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fundacion Dr. Manuel Sadosky - Programa STIC Advisory www.fundacionsadosky.org.ar Prey Anti-Theft for Android missing SSL certificate validation 1. Advisory Information Title: Prey Anti-Theft for Android missing SSL certificate validation Advisory ID:...

AI score 0.2
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 47 views

CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin

Vulnerability title: Code Injection in Wordpress CM Download Manager plugin CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds - https://www.cminds.com/ Product: https://wordpress.org/plugins/cm-download-manager/ Affected version: 2.0.0 and previous version Fixed version:...

CVSS 10 | AI score 9.5 | EPSS 0.28914
Exploits 6

securityvulns, added 2014/12/01 12:00 a.m., 34 views

[CORE-2014-0009] - Advantech EKI-6340 Command Injection

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL: http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection Date...

CVSS 9 | AI score 0.2 | EPSS 0.13448
Exploits 5

securityvulns, added 2014/12/01 12:00 a.m., 376 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

CVSS 10 | AI score 1.6 | EPSS 0.83792
Exploits 81 | References 38 | Affected Software 28

securityvulns, added 2014/12/01 12:00 a.m., 35 views

KDE Konversation / Quassel IRC memory corruption

Memory corruption on ECB decryption...

CVSS 5 | AI score 3.4 | EPSS 0.02339
Exploits 0 | References 1 | Affected Software 2

securityvulns, added 2014/12/01 12:00 a.m., 69 views

Vulnerabilities in D-Link DCS-2103

Hello 3APA3A! There are Directory Traversal and Full path disclosure vulnerabilities in D-Link DCS-2103 IP camera. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.0.0. This model with other firmware versions also mus...

AI score 0.4
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 36 views

HP Helion Cloud Development Platform restriction bypass

Same key is used in different installations...

CVSS 10 | AI score 1.6 | EPSS 0.28809
Exploits 0 | References 1 | Affected Software 1

securityvulns, added 2014/12/01 12:00 a.m., 66 views

Arbitrary File Upload in HelpDEZk

Advisory ID: HTB23239 Product: HelpDEZk Vendor: HelpDEZk Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 15, 2014 without technical details Vendor Notification: October 15, 2014 Public Disclosure: November 5, 2014 Vulnerability Type: Unrestricted...

AI score 0.1 | EPSS 0.04136
Exploits 4

securityvulns, added 2014/12/01 12:00 a.m., 65 views

Oxide multiple security vulnerabilities

Multiple memory corruptions...

CVSS 7.5 | AI score 1.9 | EPSS 0.1817
Exploits 0 | References 1 | Affected Software 1

securityvulns, added 2014/12/01 12:00 a.m., 81 views

[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser

Hi, This is the 6th part of the ManageOwnage series. For previous parts see 1. This time we have two 0 day vulns CVE-2014-6038 and 6039 that can be abused to dump information from the database and obtain the superuser credentials for Windows and AS/400 hosts which are managed by EventLog Analyzer...

AI score 8.5 | EPSS 0.83792
Exploits 10

securityvulns, added 2014/12/01 12:00 a.m., 84 views

CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Unauthenticated SQL Injection in Gogs repository search ======================================================= Researcher: Timo Schmid [email protected] Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go...

CVSS 7.5 | AI score 7.1 | EPSS 0.76891
Exploits 5

securityvulns, added 2014/12/01 12:00 a.m., 50 views

CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests

Apache Software Foundation - Security Advisory Apache Qpid's qpidd can be induced to make http requests CVE-2014-3629 CVS: 3 Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Qpid's qpidd up to and including version 0.30, where xml exchange module is loaded Descriptio...

CVSS 4.3 | AI score 6.4 | EPSS 0.01744
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 55 views

CSRF and XSS vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model with other...

AI score 0.5
Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 85 views

[Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform

On April 8th 2014, AppCheck reported several Cross Site Scripting Vulnerabilities in the Magento e-commerce platform via the eBay bug bounty program. eBay responded to inform us that the vulnerabilities had already been reported. However, since more than 6 months have passed and no fix is yet...

Exploits 0

securityvulns, added 2014/12/01 12:00 a.m., 104 views
[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

Advisory: Remote Code Execution in TYPO3 Extension ke_dompdf During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension ke_dompdf, which allows attackers to execute arbitrary PHP commands in the context of the webserver. Details =======...

CVSS 7.5 | AI score 7.8 | EPSS 0.09431
Exploits 4

Total number of security vulnerabilities: 47153