Lucene search

47153 matches found

securityvulns
added 2014/10/16 12:0 a.m., 81 views

SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20141015-0 ======================================================================= title: Potential Cross-Site Scripting product: ADF Faces vulnerable version: 12.1.2.0 fixed version: versions with CPU...

Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 66 views

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

Vendor: Elasticsearch Product: Logstash CVE: CVE-2014-4326 Affected versions: Logstash 1.0.14 through 1.4.1 Recommendations: All affected users should upgrade to Logstash 1.4.2. We also provide patch instructions for Logstash 1.3.x at the bottom of this note. The vulnerability impacts deployments...

7.5 CVSS, 0.3 AI score, 0.03297 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 30 views

SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system

SEC Consult Vulnerability Lab Security Advisory 20140710-2 ======================================================================= title: Multiple critical vulnerabilites product: Schrack MICROCONTROL emergency light system vulnerable version: before 1.7.0 937 fixed version: 1.7.0 937 impact:...

0.1 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 88 views

CVE-2014-4331 OctavoCMS reflected XSS vulnerability

This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could find. PoC:...

0.5 AI score, 0.01854 EPSS
Exploits: 2
securityvulns
added 2014/10/16 12:0 a.m., 86 views

Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

Advisory ID: HTB23237 Product: MaxButtons WordPress plugin Vendor: Max Foundry Vulnerable Versions: 1.26.0 and probably prior Tested Version: 1.26.0 Advisory Publication: September 24, 2014 without technical details Vendor Notification: September 24, 2014 Vendor Patch: October 2, 2014 Public...

4.3 CVSS, 6.2 AI score, 0.02053 EPSS
Exploits: 3
securityvulns
added 2014/10/16 12:0 a.m., 44 views

Mozilla Firefox and Microsoft Internet Explorer information leakage

Memory content leakage is possible on crafted image parsing...

5 CVSS, 3.1 AI score, 0.02226 EPSS
Exploits: 0, References: 1
securityvulns
added 2014/10/16 12:0 a.m., 65 views

[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2982-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 19, 2014 http://www.debian.org/security/faq -...

7.5 CVSS, 1 AI score, 0.04278 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 47 views

Backdoor access to Techboard/Syac devices

ADVISORY INFORMATION Title: Backdoor access to Techboard/Syac devices Discovery date: 02/04/2014 Release date: 07/07/2014 Advisory URL: http://blog.emaze.net/2014/07/backdoor-techboardsyac.html Credits: Roberto Paleari @rpaleari, Luca Giancane [email protected] VULNERABILITY INFORMATION...

1 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 21 views

Symantec Endpoint Protection Manager bruteforce

Login attempts are not limited...

2.2 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2014/10/16 12:0 a.m., 32 views

HP SiteScope authentication bypass

No description provided...

7.5 CVSS, 1.7 AI score, 0.0485 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2014/10/16 12:0 a.m., 28 views

Techboard/Syac backdoor

Backdoor service is available via TCP/7339 port...

3.1 AI score
Exploits: 0, References: 1
securityvulns
added 2014/10/16 12:0 a.m., 25 views

WAGO-I/O-SYSTEM WebVisu information leakage

User passwords can be retrieved...

1.9 AI score
Exploits: 0, References: 1
securityvulns
added 2014/10/16 12:0 a.m., 50 views

Kerio Control SQL injection

SQL injection in Web interface...

6.5 CVSS, 2.4 AI score, 0.02168 EPSS
Exploits: 5, References: 1, Affected Software: 1
securityvulns
added 2014/10/16 12:0 a.m., 43 views

HP Universal CMDB security vulnerabilities

Information leakage, code execution...

10 CVSS, 3.2 AI score, 0.12235 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2014/10/16 12:0 a.m., 43 views

HP Release Control security vulnerabilities

Privilege escalation, information leakage...

9 CVSS, 1.7 AI score, 0.06839 EPSS
Exploits: 1, References: 1, Affected Software: 1
securityvulns
added 2014/10/16 12:0 a.m., 51 views

Cross-site Scripting in EventLog Analyzer 9.0 build #9000

We discovered a vulnerability in the EventLog Analyzer web application. Vulnerability Type: Cross-site Scripting Original Release: June 20, 2014 Discovered by: Security Team - A2SECURE Artëm Tsvetkov [email protected] Sisco Barrera [email protected] Andrea Bodei [email protected]...

5.6 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 64 views

[SECURITY] CVE-2014-3503 Apache Syncope

cve-2014-3503.txt.asc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-3503: Insecure Random implementations used to generate passwords in Apache Syncope Severity: Major Vendor: The Apache Software Foundation Versions Affected: This vulnerability affects all versions of Apache Syncope 1.1.x...

5 CVSS, 0.6 AI score, 0.05974 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 37 views

Web Encryption Extension security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Revision: 1.0 Last Updated: 25 July 2014 First Published: 25 July 2014 Summary: A security issue was found in the Web Encryption Extension. Authenticated users are able to modify the content of https request fields to insert code into the pipeline...

0.4 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 98 views

CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-3149 =================== "Reflected Cross-Site Scripting XSS" CWE-79 vulnerability in "Invision Power IP.Board" product Vendor =================== Invision Power Services Inc. Product =================== IP.Board "IP.Board is the leading...

4.3 CVSS, 0.8 AI score, 0.01936 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 66 views

CVE-2014-3863 - Stored XSS in JChatSocial

CVE-2014-3863 =================== "Stored Cross-Site Scripting XSS" CWE-79 vulnerability in "JChatSocial" Joomla extension. Vendor =================== Joomla! Extensions Store Product =================== JChatSocial: the Joomla live chat "JChatSocial is a powerful chat system for Joomla with a lo...

4.3 CVSS, 1 AI score, 0.01915 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 42 views

Easy file sharing web server - persist XSS in forum msgs

I saw a posting a month or 2 ago for a BOF in an FTP server belonging to EFS Software here: http://www.securityfocus.com/bid/19243 At first there was no additional details provided and I hunted up and down before finding it after some fuzzing stack smash in password. While on the hunt, I found on...

6.4 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 43 views

[SECURITY] [DSA 2983-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2983-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 20, 2014 http://www.debian.org/security/faq -...

1.4 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 68 views

Multiple Vulnerabilities in Parallels® Plesk Sitebuilder

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites ext:aspx inurl::2006 inurl:.ashx?media...

0.4 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 71 views

SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140630-0 ======================================================================= title: Multiple severe vulnerabilities product: IBM Algorithmics RICOS vulnerable version: 4.5.0 - 4.7.0 fixed version:...

6.8 CVSS, 0.3 AI score, 0.0571 EPSS
Exploits: 8
securityvulns
added 2014/10/16 12:0 a.m., 45 views

Ansible security vulnerabilities

Code execution, privilege escalation...

4.5 AI score, 0.03434 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2014/10/16 12:0 a.m., 55 views

[security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04355129 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04355129 Version: 1 HPSBMU03059 rev....

7.5 CVSS, 0.4 AI score, 0.0485 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 64 views

[security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04357076 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04357076 Version: 1 HPSBMU03064 rev....

10 CVSS, 0.3 AI score, 0.12235 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 42 views

SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu

SEC Consult Vulnerability Lab Security Advisory 20140710-3 ======================================================================= title: Design Issue / Password Disclosure product: All WAGO-I/O-SYSTEMs which provide a CODESYS V2.3 WebVisu vulnerable version: Systems which are programmable with =...

0.2 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 43 views

Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities

Kunena forum extension for Joomla multiple SQL injection vulnerabilities Class: Input Validation Error CVE: N/A Remote: Yes Local: No Published: 02/07/2014 Credit: Raymond Rizk of Dionach [email protected] Vendor: Kunena Vulnerable: Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena Forum is...

2.4 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 44 views

[oCERT-2014-005] LPAR2RRD input sanitization errors

2014-005 LPAR2RRD input sanitization errors Description: LPAR2RRD is a performance monitoring and capacity planning software for IBM Power Systems. LPAR2RRD generates historical, future trends and nearly "real-time" CPU utilization graphs of LPAR's and shared CPU usage. Insufficient input...

0.6 AI score, 0.06188 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 36 views

IBM Algorithmics RICOS multiple security vulnerabilities

Information leakage, cross-site scripting, CSRF, privilege escalation, unauthorized access...

6.8 CVSS, 2.8 AI score, 0.0571 EPSS
Exploits: 8, References: 1, Affected Software: 1
securityvulns
added 2014/10/16 12:0 a.m., 64 views

[oCERT-2014-004] Ansible input sanitization errors

2014-004 Ansible input sanitization errors Description: The Ansible project is an open source configuration management platform. The Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control...

1.4 AI score, 0.03434 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 56 views

[oCERT-2014-004] Ansible input sanitization errors

2014-004 Ansible input sanitization errors Description: The Ansible project is an open source configuration management platform. The Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control...

1.4 AI score, 0.03434 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 73 views

IP.Board 3.4 cross-site scripting in Referer header

+-------------------------------------------------------------------- + + IP.Board 3.4 cross-site scripting in Referer header + +-------------------------------------------------------------------- + vendor site........: http://www.invisionpower.com + Affected Software .: IP.Board 3.4 + Class...

6.5 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 74 views

two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other)

First of all, CVE-2014-1580 MSFA 2014-78 is a bug that caused Firefox prior to version 33 released today to leak bits of uninitialized memory when rendering certain types of truncated images onto canvas. Mozilla's advisory is here: https://www.mozilla.org/security/announce/2014/mfsa2014-78.html B...

5 CVSS, 0.1 AI score, 0.02226 EPSS
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 116 views

LiveZilla 5.3.0.7 Security Issue

I had reported few xss issues on LiveZilla 5.3.0.7 . They fixed it properly and informed me. Now latest build is 5.3.0.8 / 2014-09-25. http://changelog.livezilla.net/ Can you help me regarding CVE. I can send you the vulnerability details...

0.8 AI score
Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 21 views

Schrack MICROCONTROL multiple security vulnerabilities

Multiple bugs in web interface...

1.7 AI score
Exploits: 0, References: 1
securityvulns
added 2014/10/16 12:0 a.m., 198 views

SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140710-0 ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed...

0.3 AI score, 0.88829 EPSS
Exploits: 16
securityvulns
added 2014/10/16 12:0 a.m., 252 views

[security bulletin] HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04352674 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04352674 Version: 1 HPSBMU03061 rev....

9 CVSS, 1.3 AI score, 0.06839 EPSS
Exploits: 1
securityvulns
added 2014/10/16 12:0 a.m., 74 views

Weak Local Database Credentials in Infoblox Network Automation

Product: Network Automation • NetMRI • Switch Port Manager • Automation Change Manager • Security Device Controller Vendor: InfoBlox Vulnerable Versions: 6.4.X.X-6.8.4.X Tested Version: 6.8.2.11 Vendor Notification: May 12th, 2014 Public Disclosure: July 9th, 2014 Vulnerability Type: OS Command...

7.2 CVSS, 0.3 AI score, 0.00459 EPSS
Exploits: 3
securityvulns
added 2014/10/16 12:0 a.m., 87 views

Lime Survey 2-05+ Multiple Vulnerabilities

Lime Survey Multiple Vulnerabilities ======================================================================= ADVISORY INFORMATION Title: Lime Survey Multiple Vulnerabilities Discovery date: 02/07/2014 Release date: 03/07/2014 Vendor Homepage: www.limesurvey.org Version: Lime Survey 2.05+ Build...

Exploits: 0
securityvulns
added 2014/10/16 12:0 a.m., 69 views

Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin

Advisory ID: HTB23236 Product: WP Google Maps WordPress plugin Vendor: WP Google Maps Vulnerable Versions: 6.0.26 and probably prior Tested Version: 6.0.26 Advisory Publication: September 24, 2014 without technical details Vendor Notification: September 24, 2014 Vendor Patch: September 29, 2014...

4.3 CVSS, 5.7 AI score, 0.02461 EPSS
Exploits: 3
securityvulns
added 2014/10/16 12:0 a.m., 61 views

SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-0 ======================================================================= title: Multiple SSRF vulnerabilities product: Alfresco Community Edition vulnerable version: =4.2.f fixed version: 5.0.a...

0.4 AI score
Exploits: 0
securityvulns
added 2014/10/15 12:0 a.m., 84 views

Avira License Application - Cross Site Request Forgery Vulnerability

Document Title: =============== Avira License Application - Cross Site Request Forgery Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1302 Video: http://www.vulnerability-lab.com/getcontent.php?id=1301 Release Date: ============= 2014-08-2...

7.1 AI score
Exploits: 0
securityvulns
added 2014/10/15 12:0 a.m., 85 views

Improper Access Control in ArticleFR

Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014 Public Disclosure: July 30, 2014 Vulnerability Type:...

0.7 AI score, 0.14144 EPSS
Exploits: 5
securityvulns
added 2014/10/15 12:0 a.m., 127 views

[USN-2383-1] wpa_supplicant vulnerability

========================================================================== Ubuntu Security Notice USN-2383-1 October 14, 2014 wpa, wpasupplicant vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

6.8 CVSS, 0.3 AI score, 0.04945 EPSS
Exploits: 0
securityvulns
added 2014/10/15 12:0 a.m., 79 views

Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities

Document Title: =============== Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1272 Release Date: ============= 2014-06-18 Vulnerability Laboratory ID VL-ID:...

0.5 AI score
Exploits: 0
securityvulns
added 2014/10/15 12:0 a.m., 98 views

[security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04476799 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04476799 Version: 1 HPSBUX03139...

6.8 CVSS, 0.4 AI score, 0.01555 EPSS
Exploits: 0
securityvulns
added 2014/10/15 12:0 a.m., 138 views

[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...

8.3 AI score, 0.24148 EPSS
Exploits: 5
securityvulns
added 2014/10/15 12:0 a.m., 92 views

CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5392 =================== "XML eXternal Entity XXE" CWE-611 vulnerability in "JobScheduler" product Vendor =================== Software- & Organisations-Service GmbH Product =================== "JobScheduler is a workload automation tool. It i...

5.8 CVSS, 0.7 AI score, 0.02486 EPSS
Exploits: 0

Total number of security vulnerabilities: 47153