
47153 matches found

securityvulns
added 2014/06/17 12:0 a.m. | 37 views

musl-libc buffer overflow

Buffer overflow on DNS response parsing...

AI score: 4.7 | EPSS: 0.01446
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/06/17 12:0 a.m. | 47 views

[oss-security] CVE request: OpenAFS 1.6.8 TMAY fileserver crashes

New code introduced in OpenAFS 1.6.8 does not properly zero fields in the host structure in the OpenAFS fileserver, leading to some variables in the host structure being left initialized from recycled heap memory. While no mechanism for exploitation is currently known, the affected file server...

AI score: 7.2
Exploits: 0

securityvulns
added 2014/06/17 12:0 a.m. | 121 views

[SECURITY] [DSA 2959-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2959-1 [email protected] http://www.debian.org/security/ Michael Gilbert June 14, 2014 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 0.7 | EPSS: 0.02884
Exploits: 0

securityvulns
added 2014/06/17 12:0 a.m. | 78 views

PHP security vulnerabilities

Symbolic links vulnerabilities, dns_get_record buffer overflow...

CVSS: 5.1 | AI score: 2.7 | EPSS: 0.30666
Exploits: 0 | References: 3 | Affected Software: 1

securityvulns
added 2014/06/17 12:0 a.m. | 62 views

[oss-security] CVE-2014-4014: Linux kernel user namespace bug

The internal function inode_capable was used inappropriately. Depending on configuration, this may be usable to escalate privileges. A cursory inspection of my Fedora box suggests that it is not vulnerable to the obvious way to exploit this bug. The fix should appear in Linus' -master shortly, and...

CVSS: 6.2 | AI score: 7.5 | EPSS: 0.02115
Exploits: 4

securityvulns
added 2014/06/14 12:0 a.m. | 68 views

CVE-2014-3448 - Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS

Vulnerability title: Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS CVE: CVE-2014-3448 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: The ASPX executable which is responsible for handling file...

AI score: 0.8 | EPSS: 0.04136
Exploits: 2

securityvulns
added 2014/06/14 12:0 a.m. | 65 views

[CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1 and 5.2 from Bottomline Technologies II. BACKGROUND ------------------------- Bottomline offers powerful, next-generation electronic document solutions for formatting, personalizi...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00421
Exploits: 2

securityvulns
added 2014/06/14 12:0 a.m. | 83 views

CS and XSS vulnerabilities in DZS Video Gallery for WordPress

Hello 3APA3A! There are Content Spoofing and Cross-Site Scripting vulnerabilities in plugin DZS Video Gallery for WordPress. After I announced multiple vulnerabilities in DZS Video Gallery at 08.05.2014 and informed developers, they ignored it, so the second advisory is going directly to full...

AI score: 0.4
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 50 views

CVE-2014-3740 - SpiceWorks Cross-site scripting

Exploit Title: Multiple Stored XSS vulnerabilities in SpiceWorks Ticketing system CVE: CVE-2014-3740 Vendor: SpiceWorks Product: SpiceWorks IT ticketing system Affected versions: any version below 7.2.00195 Fixed version: 7.2.00195 1. About the application: ======================= SpiceWorks is a...

CVSS: 3.5 | AI score: 0.7 | EPSS: 0.02279
Exploits: 2

securityvulns
added 2014/06/14 12:0 a.m. | 40 views

[oss-security] CVE request: PowerDNS in default configuration is vulnerable to DoS attack

It was found 1 that in default configuration PowerDNS is allowed to consume more file descriptors than is available for a default installation of many Linux distributions. Default configuration is: 2 threads / 2048 max-mthreads, which leads to a theoretical FD consumption of 4096. Default FD limi...

AI score: 0.5
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 48 views

squid DoS

DoS via Range: request if SSL-Bump is allowed...

CVSS: 5 | AI score: 3.3 | EPSS: 0.54968
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2014/06/14 12:0 a.m. | 36 views

DCMTK privileges escalation

No description provided...

CVSS: 7.2 | AI score: 2 | EPSS: 0.00112
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2014/06/14 12:0 a.m. | 56 views

Details for CVE-2014-0220

------------------------------------------------------------------------------------------ Technical Service Bulletin 2014-28 TSB Title: Security Vulnerability: Sensitive Configuration Values Exposed in Cloudera Manager Certain configuration values that are stored in Cloudera Manager are consider...

CVSS: 4 | AI score: 2.6 | EPSS: 0.0032
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 22 views

WebTitan multiple security vulnerabilities

SQL injection, code execution, directory traversal...

AI score: 4.2
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/06/14 12:0 a.m. | 81 views

FCKeditor 2.6.10 Reflected Cross-Site Scripting (XSS)

Class Cross-Site Scripting Remote Yes Published 2nd June 2014 Credit Robin Bailey of Dionach [email protected] Vulnerable FCKeditor = 2.6.10 FCKeditor is prone to a reflected cross-site scripting XSS vulnerability due to inadequately sanitised user input. An attacker may leverage this issue to ru...

CVSS: 4.3 | AI score: 0.4 | EPSS: 0.02144
Exploits: 2

securityvulns
added 2014/06/14 12:0 a.m. | 69 views

DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® eventscalendar Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.invenmanager.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...

AI score: 2
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 55 views

[SECURITY] [DSA 2948-1] python-bottle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2948-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...

CVSS: 6.8 | AI score: 1.5 | EPSS: 0.0094
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 108 views

[oss-security] CVE request: Proxmox VE < 3.2 user enumeration vulnerability

Hi list, We recently found a vulnerability affecting Proxmox VE 3.2 that allows an unauthenticated user to perform user enumeration. Vendor was contacted and the vulnerability fixed in Proxmox VE 3.2, released on 2014-03-10. References: Proxmox related commits:...

AI score: 0.8
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 77 views

CSRF and Remote Code Execution in EGroupware

Advisory ID: HTB23212 Product: EGroupware Vendor: http://www.egroupware.org/ Vulnerable Versions: 1.8.006 community edition and probably prior Tested Version: 1.8.006 community edition Advisory Publication: April 23, 2014 without technical details Vendor Notification: April 23, 2014 Vendor Patch:...

CVSS: 8.5 | AI score: 0.6 | EPSS: 0.03251
Exploits: 6

securityvulns
added 2014/06/14 12:0 a.m. | 229 views

multiple Vulnerability in "WahmShoppes eStore"

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : multiple Vulnerability in "WahmShoppes eStore" Author : alieye vendor : http://www.wahmshoppes.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl:WsError.asp inurl:store/ We apologize but your request...

AI score: 0.4
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 59 views

CVE-2013-6825 DCMTK Root Privilege escalation

CVE-2013-6825 DCMTK Root Privilege escalation About DCMTK: DCMTK is a collection of libraries and applications implementing large parts the DICOM standard. It includes software for examining, constructing and converting DICOM image files, handling offline media, sending and receiving images over ...

CVSS: 7.2 | AI score: 2.4 | EPSS: 0.00112
Exploits: 1

securityvulns
added 2014/06/14 12:0 a.m. | 17 views

Bilyoner apps insecure data transmission

Under some conditions data is sent unencrypted...

AI score: 1.6
Exploits: 0 | References: 1

securityvulns
added 2014/06/14 12:0 a.m. | 130 views

[ MDVSA-2014:116 ] file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:116 http://www.mandriva.com/en/support/security/ Package : file Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated file packages fix security vulnerabilities: A flaw was found in...

CVSS: 5 | AI score: 6.7 | EPSS: 0.2611
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 23 views

SAP multiple security vulnerabilities

Multiple hardcoded credentials, unauthorized configuration access...

AI score: 1.8
Exploits: 0 | References: 2

securityvulns
added 2014/06/14 12:0 a.m. | 37 views

TigerCom My Assistant v1.1 iOS - File Include Vulnerability

Document Title: =============== TigerCom My Assistant v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1268 Release Date: ============= 2014-05-23 Vulnerability Laboratory ID VL-ID: ===================================...

AI score: 7.4
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 43 views

Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress

Yarubo 1: Arbitrary SQL Execution in Participants Database for Wordpress ========================================================= Program: Participants Database = 1.5.4.8 Severity: Unauthenticated attacker can fully compromise the Wordpress installation Permalink:...

AI score: 0.5
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 59 views

[Onapsis Security Advisory 2014-020] SAP SLD Information Tampering

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-020: SAP SLD Information Tampering 1. Impact on Business ===================== By exploiting this vulnerability, a remote unauthenticated attacker might be able to modify technical information about the SAP systems...

AI score: 6.7
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 31 views

ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability

ESA-2014-024.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability EMC Identifier: ESA-2014-024 CVE Identifier: CVE-2014-2503 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: • E...

CVSS: 7.5 | AI score: 0.3 | EPSS: 0.00349
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 66 views

[KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability

------------------------------------------------------------------------- Dotclear = 2.6.2 XML-RPC Interface Authentication Bypass Vulnerability ------------------------------------------------------------------------- - Software Link: http://dotclear.org/ - Affected Versions: Version 2.6.2 and...

CVSS: 5.8 | AI score: 0.4 | EPSS: 0.00447
Exploits: 3

securityvulns
added 2014/06/14 12:0 a.m. | 53 views

Wordpress Booking System (Booking Calendar) plugin SQL Injection

Exploit Title: Wordpress Booking System Booking Calendar plugin SQL Injection Release Date: 2014-05-21 Author: maodun Contact: Twitter: @conmancm Software Link: http://wordpress.org/support/plugin/booking-system Affected version: 1.3 Google Dork: inurl:/wp-content/plugins/booking-system/...

CVSS: 6.5 | AI score: 0.1 | EPSS: 0.02526
Exploits: 2

securityvulns
added 2014/06/14 12:0 a.m. | 94 views

[ MDVSA-2014:114 ] squid

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:114 http://www.mandriva.com/en/support/security/ Package : squid Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated squid packages fix security vulnerability: Due to incorrect...

CVSS: 5 | AI score: 8.5 | EPSS: 0.54968
Exploits: 1

securityvulns
added 2014/06/14 12:0 a.m. | 91 views

CodeIgniter <= 2.1.4 Session Decoding Vulnerability

Class Weak encryption Remote Yes Published 6th June 2014 Credit Robin Bailey of Dionach [email protected] Vulnerable CodeIgniter = 2.1.4 Session cookies created by the CodeIgniter PHP framework contain a number of variables in a serialized PHP array. To prevent users from tampering with this cook...

AI score: 0.3
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 77 views

[SECURITY] [DSA 2946-1] python-gnupg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2946-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 1.8 | EPSS: 0.01162
Exploits: 6

securityvulns
added 2014/06/14 12:0 a.m. | 31 views

[oss-security] CVE request: multiple /tmp races in ppc64-diag

Just quoting from our bug report: As noted in the SUSE bug report, numerous /tmp race conditions exist in ppc64-diag, in particular: rtaserrd/diagsupport.c:233: char command="/usr/bin/find /proc/device-tree -name status -print /tmp/getdtfiles"; rtaserrd/diagsupport.c:241: fp1 =...

AI score: 6.9
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 69 views

Files Desk Pro v1.4 iOS - File Include Web Vulnerability

Document Title: =============== Files Desk Pro v1.4 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1266 Release Date: ============= 2014-05-16 Vulnerability Laboratory ID VL-ID: ====================================...

AI score: 7
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 49 views

[SECURITY] [DSA 2942-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2942-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff Jun 01, 2014 http://www.debian.org/security/faq -...

AI score: 1.5
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 152 views

DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® CodeEditor Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...

AI score: 2.4
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 26 views

NG WifiTransfer Pro 1.1 - File Include Vulnerability

Document Title: =============== NG WifiTransfer Pro 1.1 - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1260 Release Date: ============= 2014-04-28 Vulnerability Laboratory ID VL-ID: ==================================== 1260...

AI score: 0.3
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 49 views

[SECURITY] [DSA 2957-1] mediawiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2957-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 12, 2014 http://www.debian.org/security/faq -...

CVSS: 2.6 | AI score: 1.3 | EPSS: 0.00324
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 57 views

CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2233 =================== "Server-Side Request Forgery" CWE-918 vulnerability in "infoware MapSuite" Vendor =================== infoware GmbH Product =================== MapSuite Affected versions =================== This vulnerability affects...

CVSS: 5 | AI score: 0.6 | EPSS: 0.00493
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 41 views

CVE-2014-1226 s3dvt Root shell (still)

CVE-2014-1226 s3dvt Root shell still About s3dvt: s3dvt is part of the 3d network display server which can be used as 3d desktop environment. Vulnerability: The s3dvt developers forgot to review all the code. There is still a vulnerable function as in the previous CVE-2013-6825. At the date of Ju...

CVSS: 7.2 | AI score: 0.6 | EPSS: 0.00112
Exploits: 1

securityvulns
added 2014/06/14 12:0 a.m. | 65 views

[SECURITY] [DSA 2956-1] icinga security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2956-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 11, 2014 http://www.debian.org/security/faq -...

CVSS: 6.8 | AI score: 2.6 | EPSS: 0.48577
Exploits: 1

securityvulns
added 2014/06/14 12:0 a.m. | 71 views

[REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2014-001 ------------------------------------------------------------------------ Advisory ID: REVIVE-SA-2014-001 CVE ID: CVE-2013-5954 Date: 2014-05-15 Security risk: Moderate...

CVSS: 6.8 | AI score: 0.9 | EPSS: 0.03267
Exploits: 2

securityvulns
added 2014/06/14 12:0 a.m. | 24 views

proxmox user enumeration vulnerability

No description provided...

AI score: 1.5
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/06/14 12:0 a.m. | 51 views

[ MDVSA-2014:111 ] otrs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:111 http://www.mandriva.com/en/support/security/ Package : otrs Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...

CVSS: 4.3 | AI score: 8.5 | EPSS: 0.00226
Exploits: 2

securityvulns
added 2014/06/14 12:0 a.m. | 81 views

[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script

Advisory: SQL Injection in webEdition CMS File Browser RedTeam Pentesting discovered an SQL injection vulnerability in the file browser component of webEdition CMS during a penetration test. Unauthenticated attackers can get read-only access on the SQL database used by webEdition and read for...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.04123
Exploits: 2

securityvulns
added 2014/06/14 12:0 a.m. | 28 views

CoSoSys Endpoint Protector multiple security vulnerabilities

Backdoor accounts, SQL injections, information disclosure...

AI score: 2.1
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/06/14 12:0 a.m. | 67 views

SEC Consult SA-20140521-0 :: Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140521-0 ======================================================================= title: Multiple vulnerabilities product: CoSoSys Endpoint Protector 4 vulnerable version: all - except issue 1 fixed...

AI score: 1
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 142 views

DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® ASPSlideshow Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...

AI score: 2.4
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m. | 65 views

NeginGroup CMS Multiple Vulnerability

Sql Injection And Xss Vulnerability In NeginGroup Cms...

AI score: 0.1
Exploits: 0

Total number of security vulnerabilities: 47153