
47153 matches found

securityvulns | added 2014/10/15 12:0 a.m. | 67 views

Improper Access Control in ArticleFR

Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014 Public Disclosure: July 30, 2014 Vulnerability Type:...

0.7 AI score | 0.47767 EPSS | Exploits: 5

securityvulns | added 2014/10/14 12:0 a.m. | 42 views

Vulnerabilities in In-Portal CMS

Hello 3APA3A! These are Cross-Site Scripting and Brute Force vulnerabilities in In-Portal CMS. ------------------------- Affected products: ------------------------- Vulnerable are In-Portal CMS 5.2.0 and previous versions. In version In-Portal CMS 5.2.1 at 31.08.2014 developers fixed XSS...

0.6 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 56 views

[ MDVSA-2014:193 ] xerces-j2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:193 http://www.mandriva.com/en/support/security/ Package : xerces-j2 Date : October 1, 2014 Affected: Business Server 1.0 Problem Description: A resource consumption issue was found in the way Xerces-J handl...

7.1 CVSS | 7.5 AI score | 0.08028 EPSS | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 55 views

Moab Authentication Bypass [CVE-2014-5300]

Moab Authentication Bypass : CVE-2014-5300 Software: Moab Affected Versions: All versions prior to Moab 7.2.9 and Moab 8 CVE Reference: CVE-2014-5300 Author: John Fitzpatrick, MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendor: Adaptive Computing Vendor Response: Resolved in Moa...

5 CVSS | 0.3 AI score | 0.14413 EPSS | Exploits: 6

securityvulns | added 2014/10/14 12:0 a.m. | 80 views

Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: The 'realname' parameter is not correctly filtered on user account creation, which could lead to user data override. Several...

5 CVSS | 6.1 AI score | 0.01104 EPSS | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 60 views

[KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability

------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...

7.5 CVSS | 1 AI score | 0.00651 EPSS | Exploits: 3

securityvulns | added 2014/10/14 12:0 a.m. | 108 views

HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability

Document Title: =============== HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1329 Release Date: ============= 2014-10-02 Vulnerability Laboratory ID VL-ID:...

0.2 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 63 views

CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5516 =================== "Cross-Site Request Forgery CSRF protection bypass" CWE-352 vulnerability in "KonaKart Storefront Application" Enterprise Java eCommerce product Vendor =================== DS Data Systems UK Ltd. Product...

0.7 AI score | 0.00153 EPSS | Exploits: 1

securityvulns | added 2014/10/14 12:0 a.m. | 59 views

Moab User Impersonation [CVE-2014-5375]

Moab User Impersonation : CVE-2014-5375 Software: Moab Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8. CVE Reference: CVE-2014-5375 Author: John Fitzpatrick, Luke Jennings MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendo...

4 CVSS | 0.4 AI score | 0.00306 EPSS | Exploits: 3

securityvulns | added 2014/10/14 12:0 a.m. | 93 views

[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of...

6.4 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 59 views

Reflected Cross-Site Scripting (XSS) in Textpattern

Advisory ID: HTB23223 Product: Textpattern Vendor: http://textpattern.com/ Vulnerable Versions: 4.5.5 and probably prior Tested Version: 4.5.5 Advisory Publication: July 9, 2014 without technical details Vendor Notification: July 9, 2014 Vendor Patch: September 20, 2014 Public Disclosure: October...

4.3 CVSS | 6.1 AI score | 0.00378 EPSS | Exploits: 3

securityvulns | added 2014/10/14 12:0 a.m. | 55 views

[ MDVSA-2014:183 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:183 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : September 24, 2014 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerability: In...

4.3 CVSS | 6.8 AI score | 0.00273 EPSS | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 33 views

Suricata DoS

Uninitialized memory access on SSH parsing...

5 CVSS | 5 AI score | 0.00471 EPSS | Exploits: 1 | References: 1 | Affected Software: 1

securityvulns | added 2014/10/14 12:0 a.m. | 56 views

Reflected Cross-Site Scripting (XSS) in MODX Revolution

Advisory ID: HTB23229 Product: MODX Revolution Vendor: MODX Vulnerable Versions: 2.3.1-pl and probably prior Tested Version: 2.3.1-pl Advisory Publication: August 20, 2014 without technical details Vendor Notification: August 20, 2014 Vendor Patch: September 11, 2014 Public Disclosure: September...

4.3 CVSS | 6.3 AI score | 0.00544 EPSS | Exploits: 3

securityvulns | added 2014/10/14 12:0 a.m. | 79 views

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found a serious security vulnerability in the Slideshow Gallery plugin. This bug allows an attacker to upload any php file remotely to the vulnerable website administrator by default. I have tested and verified that having the current version of the...

6.5 CVSS | 0.3 AI score | 0.64727 EPSS | Exploits: 11

securityvulns | added 2014/10/14 12:0 a.m. | 82 views

[ MDVSA-2014:192 ] perl-Email-Address

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:192 http://www.mandriva.com/en/support/security/ Package : perl-Email-Address Date : October 1, 2014 Affected: Business Server 1.0 Problem Description: Updated perl-Email-Address package fixes security...

5 CVSS | 7.3 AI score | 0.01423 EPSS | Exploits: 2

securityvulns | added 2014/10/14 12:0 a.m. | 59 views

Android KeyStore Stack Buffer Overflow (CVE-2014-3100)

Hi, We have discovered a stack-based buffer overflow in the Android KeyStore service which affects Android 4.3 and below. The issue was patched in Android 4.4. The vulnerability is identified as CVE-2014-3100. More details are available at: 1. Blog post: http://ibm.co/1pbk4yH 2. Advisory:...

5.1 CVSS | 2.2 AI score | 0.01042 EPSS | Exploits: 1

securityvulns | added 2014/10/14 12:0 a.m. | 54 views

SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Potential information disclosure relating to SBOP Explorer Risk: Medium Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note:...

0.1 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 80 views

[ MDVSA-2014:182 ] zarafa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:182 http://www.mandriva.com/en/support/security/ Package : zarafa Date : September 24, 2014 Affected: Business Server 1.0 Problem Description: Updated zarafa packages fix security vulnerabilities: Robert...

2.1 CVSS | 5.4 AI score | 0.00075 EPSS | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 163 views

Multiple Vulnerabilities in Draytek Vigor 2130

VIGOR 2130 firmware 1.5.4.9 1.1. Command injection in traceroute functionality A user can execute arbitrary commands RCE on the router by abusing the traceroute functionality. The interface expects an IP address as input, but does not validate the input. Just provide the input: ; id The above...

3.1 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 54 views

Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin

Advisory ID: HTB23235 Product: Google Calendar Events WordPress plugin Vendor: Phil Derksen Vulnerable Versions: 2.0.1 and probably prior Tested Version: 2.0.1 Advisory Publication: September 17, 2014 without technical details Vendor Notification: September 17, 2014 Vendor Patch: October 7, 2014...

4.3 CVSS | 6.2 AI score | 0.00586 EPSS | Exploits: 3

securityvulns | added 2014/10/14 12:0 a.m. | 75 views

Multiple vulnerabilities in DrayTek VigorACS SI

DrayTek VigorACS SI = 1.3.0 Vigor ACS-SI Edition is a Central Management System for DrayTek routers and firewalls, providing System Integrators or system administration personnel a real-time integrated monitoring, configuration and management platform...

0.6 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 52 views

XSS vulnerability in In-Portal CMS

Hello 3APA3A! After I informed developers in August about multiple vulnerabilities in In-Portal CMS and they answered they would fix them soon so wait for disclosure of the first vulnerabilities, I found new hole in this CMS at their official site. This is Cross-Site Scripting vulnerability in...

0.2 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 34 views

IBM AIX privilege escalation

Privilege escalation via runtime linker...

7.2 CVSS | 4.8 AI score | 0.00081 EPSS | Exploits: 4 | References: 1 | Affected Software: 2

securityvulns | added 2014/10/14 12:0 a.m. | 54 views

Multiple vulnerabilities in Refraction theme for WordPress

Hello 3APA3A! In 2012 I've disclosed vulnerabilities in JW Player and in RokBox. Which were fixed by the developers - JW Player developers fixed one hole and promised to fix others later and RokBox developers fixed all holes but it was questionable how they fixed holes related to JW Player. In...

6.1 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 52 views

CSP Bypass in android browser prior to 4.4

Hello. I hope this is the correct place to report this bug. I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this CVE. This is a separate vulnerability, however. https://vulners.com/cve/CVE-2014-6041 I've tested this on an Android 4.3...

5.8 CVSS | 6.2 AI score | 0.77565 EPSS | Exploits: 7

securityvulns | added 2014/10/14 12:0 a.m. | 51 views

Two SQL Injections in All In One WP Security WordPress plugin

Advisory ID: HTB23231 Product: All In One WP Security WordPress plugin Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy Vulnerable Versions: 3.8.2 and probably prior Tested Version: 3.8.2 Advisory Publication: September 3, 2014 without technical details Vendor Notification: September 3, 2014 Vendor...

6.5 CVSS | 0.04936 EPSS | Exploits: 6

securityvulns | added 2014/10/14 12:0 a.m. | 35 views

MIUI Wifi Connection Message Vulnerability

MIUI Wifi Connection Message Vulnerability I. Summary Wifi Connection Message is written to an NFC tag, which can be touched by an NFC mobile phone for connecting wireless AP automatically. A logic flaw has been found in MIUI that is an Android ROM. The flaw can be used to turn on wifi, with the hel...

7 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 41 views

Android NFC Service Denial of Service

Android NFC Service Denial of Service ------------------------------------------------------------------ I. Summary NFC Service is a process of Android OS for providing access to NFC functionality, allowing applications to read NDEF message in NFC tags. A flaw has been found in NFC Service...

1.2 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 85 views

SAP Security Note 1908531 - XXE in BusinessObjects Explorer

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Untrusted XML input parsing possible in SBOP Explorer Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908531 0...

0.4 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 45 views

BMC Track-It multiple security vulnerabilities

Code execution, information leakage, SQL injection...

7.5 CVSS | 2.2 AI score | 0.82177 EPSS | Exploits: 16 | References: 1

securityvulns | added 2014/10/14 12:0 a.m. | 74 views

[ MDVSA-2014:164 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:164 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerabilities: In...

3.5 CVSS | 6.5 AI score | 0.00381 EPSS | Exploits: 2

securityvulns | added 2014/10/14 12:0 a.m. | 106 views

TP-LINK WDR4300 - Stored XSS & DoS

Advisory Information =============== Vendors Contacted: TP-LINK Vendor Patched: Yes, Firmware 140916 System Affected: N750 Wireless Dual Band Gigabit Router TL-WDR4300, might affect others. Versions Affected: 130617 , possibly earlier CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728...

5 CVSS | 0.8 AI score | 0.0118 EPSS | Exploits: 4

securityvulns | added 2014/10/14 12:0 a.m. | 50 views

[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-020: SAP Business Objects Denial of Service via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to completely shut down the SAP Business...

0.1 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 48 views

perl-Email-Address DoS

resources exhaustion on address parsing...

5 CVSS | 3.3 AI score | 0.01423 EPSS | Exploits: 2 | References: 1

securityvulns | added 2014/10/14 12:0 a.m. | 41 views

CSNC-2014-004 neuroML - Multiple Vulnerabilities

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: neuroML Version: =v1.8.1 Confirmed: v1.8.1 Vendor: neuroML.org CSNC ID: CSNC-2014-004 CVD ID: none Subject: Multiple Vulnerabilities Risk: High Effect: Remotely exploitable Author: Philipp Promeuschel...

0.2 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 54 views

[ MDVSA-2014:126 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:126 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : July 8, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

3.5 CVSS | 6.1 AI score | 0.00354 EPSS | Exploits: 2

securityvulns | added 2014/10/14 12:0 a.m. | 58 views

[SECURITY] [DSA 3041-1] xen security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3041-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 01, 2014 http://www.debian.org/security/faq -...

8.3 CVSS | 1.6 AI score | 0.02355 EPSS | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 178 views

SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Cross Site Flashing Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908647 0 Abstract: -------------...

0.2 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 65 views

[ MDVSA-2014:143 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:143 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : July 30, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

4 CVSS | 6.1 AI score | 0.00339 EPSS | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 22 views

neuroML multiple security vulnerabilities

Information disclosure, XXE...

1.5 AI score | Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2014/10/14 12:0 a.m. | 36 views

MIUI Torch Open Vulnerability

MIUI Torch Open Vulnerability I. Summary com.android.systemui is the corresponding package of MiuiSystemUI.apk, a MIUI system application that manages user interface and other functions. When started by NFC tag, the torch in NFC mobile phone will be open automatically...

1.1 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 47 views

Two XSS in Contact Form DB WordPress plugin

Advisory ID: HTB23233 Product: Contact Form DB WordPress plugin Vendor: Michael Simpson Vulnerable Versions: 2.8.13 and probably prior Tested Version: 2.8.13 Advisory Publication: September 17, 2014 without technical details Vendor Notification: September 17, 2014 Vendor Patch: September 25, 2014...

4.3 CVSS | 5.7 AI score | 0.00233 EPSS | Exploits: 3

securityvulns | added 2014/10/14 12:0 a.m. | 69 views

[ MDVSA-2014:194 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:194 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : October 3, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in phpmyadmin...

3.5 CVSS | 6.2 AI score | 0.00339 EPSS | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 59 views

[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-031: SAP Business Objects Information Disclosure via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to obtain information about the syst...

0.1 AI score | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 42 views

TP-Link routers security vulnerabilities

Cross-site scripting, DoS...

5 CVSS | 2.1 AI score | 0.0118 EPSS | Exploits: 4 | References: 1

securityvulns | added 2014/10/14 12:0 a.m. | 38 views

Android / MIUI multiple security vulnerabilities

Browser CSP restrictions bypass is possible, DoS via NFC, Keystore buffer overflow...

5.1 CVSS | 3.6 AI score | 0.01042 EPSS | Exploits: 1 | References: 6 | Affected Software: 2

securityvulns | added 2014/10/14 12:0 a.m. | 90 views

CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control

All versions of the popular UI for ASP.NET AJAX RadEditor Control product by Telerik may be affected by a high-risk stored attribute-based cross-site scripting XSS vulnerability that is assigned CVE-2014-4958. This WYSIWYG rich text editor is “...what Microsoft chose to use in MSDN, CodePlex,...

4.3 CVSS | 8.8 AI score | 0.00256 EPSS | Exploits: 0

securityvulns | added 2014/10/14 12:0 a.m. | 74 views

Reflected Cross-Site Scripting (XSS) in BlackCat CMS

Advisory ID: HTB23228 Product: BlackCat CMS Vendor: Black Cat Development Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: August 13, 2014 without technical details Vendor Notification: August 13, 2014 Vendor Patch: August 13, 2014 Public Disclosure:...

4.3 CVSS | 6.4 AI score | 0.00421 EPSS | Exploits: 3

securityvulns | added 2014/10/14 12:0 a.m. | 40 views

Xen multiple security vulnerabilities

DoS, information leakage, privilege escalation...

8.3 CVSS | 2.8 AI score | 0.02355 EPSS | Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 47153