
47153 matches found

securityvulns | added 2014/06/14 12:0 a.m. | 98 views

D-Link DSL-500T / DAP 1150 / DAP-1320 multiple security vulnerabilities

Web administration interface cross-site request forgery, authentication bypass, directory traversal...

AI score: 3.1
Exploits: 0 | References: 9

securityvulns | added 2014/06/14 12:0 a.m. | 83 views

LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory 2014-05-22 === FEX Frams' Fast File EXchange - Multiple Issues - - --------------------------------------------------------------------- Affected Versions ================= FEX Frams' Fast File...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00789
Exploits: 5

securityvulns | added 2014/06/14 12:0 a.m. | 173 views

Multiple vulnerabilities in Sharetronix

Advisory ID: HTB23214 Product: Sharetronix Vendor: Blogtronix, LLC Vulnerable Versions: 3.3 and probably prior Tested Version: 3.3 Advisory Publication: May 7, 2014 without technical details Vendor Notification: May 7, 2014 Vendor Patch: May 27, 2014 Public Disclosure: May 28, 2014 Vulnerability...

CVSS: 6.8 | EPSS: 0.00687
Exploits: 7

securityvulns | added 2014/06/14 12:0 a.m. | 93 views

python-PGP code execution

Shell injections...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.01162
Exploits: 4 | References: 1 | Affected Software: 1

securityvulns | added 2014/06/14 12:0 a.m. | 76 views

[SECURITY] [DSA 2934-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2934-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 19, 2014 http://www.debian.org/security/faq -...

CVSS: 10 | AI score: 1.8 | EPSS: 0.06894
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 61 views

DNN (DotNetNuke®) responsivesidebar Module Arbitrary File Download Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® responsivesidebar Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...

AI score: 2.6
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 24 views

Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities

Document Title: =============== Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1270 Release Date: ============= 2014-05-30 Vulnerability Laboratory ID VL-ID:...

AI score: 0.1
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 50 views

LE, BF and IAA vulnerabilities in Catapulta I.W. Edition

Hello 3APA3A! These are Login Enumeration, Brute Force and Insufficient Anti-automation vulnerabilities in Catapulta I.W. Edition. This is commercial CMS. It's used at web site of one presidential contender in Ukraine the elections were last Sunday, where I found these vulnerabilities at...

AI score: 1.5
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 58 views

[Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisories:Multiple Hard-coded Usernames CWE-798 have been found and patched in a variety of SAP components. Summaries of the advisories with links to full versions follow: 1. ONAPSIS-2014-011-SAP Project System Structures and...

AI score: 0.3
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 24 views

iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability

Document Title: =============== iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1271 Release Date: ============= 2014-06-02 Vulnerability Laboratory ID VL-ID: ==================================...

AI score: 0.5
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 527 views

[KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability

-------------------------------------------------------------- Dotclear = 2.6.2 categories.php SQL Injection Vulnerability -------------------------------------------------------------- - Software Link: http://dotclear.org/ - Affected Versions: Version 2.6.2 and probably prior versions. -...

CVSS: 6 | AI score: 0.8 | EPSS: 0.00327
Exploits: 2

securityvulns | added 2014/06/14 12:0 a.m. | 68 views

[KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability

------------------------------------------------------------------------ Dotclear = 2.6.2 Media Manager Unrestricted File Upload Vulnerability ------------------------------------------------------------------------ - Software Link: http://dotclear.org/ - Affected Versions: Version 2.6.2 and...

CVSS: 6 | AI score: 0.6 | EPSS: 0.00829
Exploits: 2

securityvulns | added 2014/06/14 12:0 a.m. | 45 views

CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

AI score: 0.4
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 140 views

CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS

Vulnerability title: Unauthenticated Blind SQL Injection in BSS Continuity CMS CVE: CVE-2014-3446 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: The following URL and parameters have been confirmed to suffer from Blind SQL...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00397
Exploits: 1

securityvulns | added 2014/06/14 12:0 a.m. | 24 views

ppc64-diag symbolic links vulnerability

Symbolic links vulnerability on temporary files creation...

AI score: 1.5
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2014/06/14 12:0 a.m. | 35 views

IBM DB2 privilege escalation

Insecure dynamic libraries loading...

CVSS: 7.2 | AI score: 3.7 | EPSS: 0.00073
Exploits: 0 | References: 1

securityvulns | added 2014/06/14 12:0 a.m. | 52 views

DNN (DotNetNuke®) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® dnnUINewsArticlesSlider Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.dnnui.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...

AI score: 2.5
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 55 views

CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2 CVE: CVE-2014-0907 Vendor: IBM Product: DB2 Affected version: V9.1, V9.5, V9.7, V10.1 and V10.5 Fixed version: V9.7 FP9a, V10.1 FP3a, V10.1 FP4 and V10.5 FP3a Reported by: Tim Brown Details: It ha...

CVSS: 7.2 | AI score: 0.3 | EPSS: 0.00073
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 28 views

AllReader v1.0 iOS - Multiple Web Vulnerabilities

Document Title: =============== AllReader v1.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1269 Release Date: ============= 2014-05-26 Vulnerability Laboratory ID VL-ID: ==================================== 1269...

AI score: 7.7
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 48 views

PHP/fileinfo/file DoS

Resources exhaustion and infinite loop in CDF files parsing...

CVSS: 5 | AI score: 2.8 | EPSS: 0.2611
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2014/06/14 12:0 a.m. | 42 views

ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities

ESA-2014-046.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2014-046 CVE Identifier: CVE-2014-2506, CVE-2014-2507, CVE-2014-2508 Severity Rating: CVSS v2 Base Score: See below for individual scores Affecte...

CVSS: 8.5 | AI score: 0.5 | EPSS: 0.01714
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 20 views

Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability

Document Title: =============== Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1267 Release Date: ============= 2014-05-23 Vulnerability Laboratory ID VL-ID: ====================================...

AI score: 7.4
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 30 views

Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

AI score: 0.8
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 77 views

Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel

Advisory ID: HTB23200 Product: Seo Panel Vendor: www.seopanel.in Vulnerable Versions: 3.4.0 and probably prior Tested Version: 3.4.0 Advisory Publication: January 29, 2014 without technical details Vendor Notification: January 29, 2014 Vendor Patch: May 15, 2014 Public Disclosure: May 16, 2014...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.0041
Exploits: 3

securityvulns | added 2014/06/14 12:0 a.m. | 354 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 9.3 | AI score: 1.6 | EPSS: 0.94325
Exploits: 76 | References: 46 | Affected Software: 28

securityvulns | added 2014/06/14 12:0 a.m. | 211 views

[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution

CVE-2013-2251: Apache Continuum affected by Remote Command Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Continuum 1.3.1 to Continuum 1.4.1 Description: Apache Continuum is affected by a vulnerability in the version of the Struts library being used, whi...

CVSS: 9.3 | AI score: 2.1 | EPSS: 0.94325
Exploits: 18

securityvulns | added 2014/06/14 12:0 a.m. | 50 views

Construtiva CIS Manager CMS POST SQLi

TL;DR; ====== . PRODUCT : Construtiva CIS Manager . TYPE : SQLi http://site/autenticar/lembrarlogin.asp POST email . CVE : CVE-2014-3749 Software Description ==================== . The CIS Manager platform is a complete and powerful tool to manage sites and corporative portals on the Internet. Th...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.00379
Exploits: 2

securityvulns | added 2014/06/14 12:0 a.m. | 25 views

PowerDNS DoS

DoS via descriptors exhaustion...

AI score: 4.4
Exploits: 0 | References: 1

securityvulns | added 2014/06/14 12:0 a.m. | 31 views

s3dvt multiple security vulnerabilities

Multiple privilege escalations...

CVSS: 7.2 | AI score: 2.7 | EPSS: 0.00046
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns | added 2014/06/14 12:0 a.m. | 96 views

[SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2929-1 [email protected] http://www.debian.org/security/ Florian Weimer May 16, 2014 http://www.debian.org/security/faq -...

CVSS: 5 | AI score: 2.1 | EPSS: 0.5271
Exploits: 2

securityvulns | added 2014/06/14 12:0 a.m. | 137 views

CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages

Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages CVE: CVE-2014-3445 Vendor: HandsomeWeb Product: SOS Webpages Affected version: 1.1.11 and earlier Fixed version: 1.1.12 Reported by: Freakyclown Details: The default setup allows an unauthenticated use...

AI score: 9.8 | EPSS: 0.04393
Exploits: 2

securityvulns | added 2014/06/14 12:0 a.m. | 54 views

CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS

Vulnerability title: Remote Denial Of Service in BSS Continuity CMS CVE: CVE-2014-3447 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: By repeatedly calling node enumeration script, a remote unauthenticated attacker can...

AI score: 0.1 | EPSS: 0.00988
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 62 views

[RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script

Advisory: Remote Command Execution in webEdition CMS Installer Script RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test. If the installer script is not manually removed after installation, attackers canno...

AI score: 10 | EPSS: 0.01923
Exploits: 2

securityvulns | added 2014/06/14 12:0 a.m. | 94 views

[USN-2218-1] Xalan-Java vulnerability

========================================================================== Ubuntu Security Notice USN-2218-1 May 21, 2014 libxalan2-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.05877
Exploits: 2

securityvulns | added 2014/06/14 12:0 a.m. | 105 views

Bilyoner mobile apps prone to various SSL/TLS attacks

===================================================================== Sceptive Security Advisory Synopsis: Bilyoner mobile apps prone to various SSL/TLS attacks Product: Various mobile applications Advisory URL: http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks Advisory...

CVSS: 5.8 | AI score: 0.5 | EPSS: 0.00134
Exploits: 1

securityvulns | added 2014/06/14 12:0 a.m. | 49 views

Mybb Sendthread Page Denial of Service Vulnerability

Denial of Service Vulnerability In Mybb 1.6.13 and old version !/usr/bin/perl...

AI score: 0.2
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 223 views

DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® EasyDnnGallery Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.easydnnsolutions.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork...

AI score: 2.3
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 80 views

SEC Consult SA-20140606-0 :: Multiple critical vulnerabilities in WebTitan

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140606-0 ======================================================================= title: Multiple critical vulnerabilities product: WebTitan vulnerable version: 4.01 Build 68 fixed version: 4.04 impact:...

AI score: 1
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 45 views

CVE-2013-6876 s3dvt Root shell

CVE-2013-6876 s3dvt Root shell About s3dvt: s3dvt is part of the 3d network display server which can be used as 3d desktop environment. Vulnerability: A vulnerability in s3dvt for versions prior to 0.2.2 allows to obtain a root shell. Details, patches, discussion and strategy to exploit at:...

CVSS: 7.2 | AI score: 1 | EPSS: 0.00043
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 32 views

Cloudera Manager information disclosure

Sensitive configuration information disclosure via API...

CVSS: 4 | AI score: 1.7 | EPSS: 0.0032
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2014/06/14 12:0 a.m. | 52 views

CVE-2014-0228: Apache Hive Authorization vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2014-0228: Apache Hive Authorization vulnerability Severity: Moderate Vendor: The Apache Software Foundation Versions affected: Apache Hive 0.13.0 Users affected: Users who have enabled SQL standards based authorization mode. Description: In SQL...

CVSS: 3.5 | AI score: 0.5 | EPSS: 0.00322
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 67 views

CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2232 =================== "Absolute Path Traversal" CWE-36 vulnerability in "infoware MapSuite" Vendor =================== infoware GmbH Product =================== MapSuite Affected versions =================== This vulnerability affects...

CVSS: 5 | AI score: 0.1 | EPSS: 0.00493
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 59 views

CVE-2014-2843 - "Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2843 =================== "Reflected Cross-Site Scripting XSS" CWE-79 vulnerability in "infoware MapSuite" Vendor =================== infoware GmbH Product =================== MapSuite Affected versions =================== This vulnerability...

AI score: 6.3 | EPSS: 0.00417
Exploits: 0

securityvulns | added 2014/06/14 12:0 a.m. | 90 views

[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager

Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read arbitrary files by specifying a relative path. Details =====...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.09554
Exploits: 6

securityvulns | added 2014/06/13 12:0 a.m. | 49 views

AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions

Asterisk Project Security Advisory - AST-2014-008 Product Asterisk Summary Denial of Service in PJSIP Channel Driver Subscriptions Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Moderate Exploits Known No Reported On 28 May, 2014 Reported By Mark...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01637
Exploits: 0

securityvulns | added 2014/06/13 12:0 a.m. | 36 views

IBM AIX privilege escalation

libodm insecure files creation...

CVSS: 6.9 | AI score: 3 | EPSS: 0.00183
Exploits: 5 | References: 1 | Affected Software: 1

securityvulns | added 2014/06/13 12:0 a.m. | 42 views

Linux syscall auditing DoS

System crash on audited syscall with large number...

CVSS: 3.3 | AI score: 1.6 | EPSS: 0.00089
Exploits: 0 | References: 1

securityvulns | added 2014/06/13 12:0 a.m. | 56 views

CVE-2014-3977 - Privilege Escalation in IBM AIX

Vulnerability title: Privilege Escalation in IBM AIX CVE: CVE-2014-3977 Vendor: IBM Product: AIX Affected version: 6.1.8 and later Fixed version: N/A Reported by: Tim Brown Details: It has been identified that libodm allows privilege escalation via arbitrary file writes with elevated privileges...

CVSS: 6.9 | AI score: 0.3 | EPSS: 0.00454
Exploits: 5

securityvulns | added 2014/06/13 12:0 a.m. | 32 views

miniupnpc buffer overflow

Signed to unsigned conversion leads to buffer overflow...

CVSS: 5 | AI score: 5 | EPSS: 0.01931
Exploits: 1 | References: 1

securityvulns | added 2014/06/13 12:0 a.m. | 45 views

Cisco IOS XR DoS

DoS via IPv6 packet...

CVSS: 7.1 | AI score: 3.2 | EPSS: 0.00819
Exploits: 0

Total number of security vulnerabilities: 47153