47153 matches found

securityvulns
added 2014/05/04 12:0 a.m. | 98 views

[SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability

CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Archiva 1.3 to Continuum 1.3.6 - The unsupported versions Archiva 1.2 to 1.2.2 are also affected. Description: A request that included a specially craft...

CVSS 4.3 | AI score 0.5 | EPSS 0.05484
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 24 views

SAP Router timing attacks information leakage

It's possible to find a valid password via statistical attacks...

CVSS 4.3 | AI score 3.2 | EPSS 0.02818
Exploits: 5 | References: 1 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 74 views

[USN-2168-1] Python Imaging Library vulnerabilities

========================================================================== Ubuntu Security Notice USN-2168-1 April 15, 2014 python-imaging vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

CVSS 4.4 | AI score 0.5 | EPSS 0.00492
Exploits: 2

securityvulns
added 2014/05/04 12:0 a.m. | 28 views

rsync DoS

Resource exhaustion...

CVSS 7.8 | AI score 2.3 | EPSS 0.04086
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 43 views

WD Arkeia Network Backup security vulnerabilities

Code execution, directory traversal...

CVSS 7.5 | AI score 5.6 | EPSS 0.08757
Exploits: 6 | References: 1 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 45 views

Different Ruby gems security vulnerabilities

Cross-site scripting, code execution, information leakage...

CVSS 7.5 | AI score 1.9 | EPSS 0.02231
Exploits: 6 | References: 6 | Affected Software: 6

securityvulns
added 2014/05/04 12:0 a.m. | 60 views

ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities

ESA-2014-028.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity XXE and Information Disclosure Vulnerabilities EMC Identifier: ESA-2014-028 CVE Identifier: CVE-2014-0644, CVE-2014-0645 Severity Rating: CVSS v2 Base Score: See below for...

CVSS 7.8 | AI score 2 | EPSS 0.53342
Exploits: 3

securityvulns
added 2014/05/04 12:0 a.m. | 29 views

Buggy insecure "security" software executes rogue binary during installation and uninstallation

Hi @ll, the $&§ware by the name of "McAfee Security Scanner Plus" that Adobe dares to push to unsuspecting users of Microsoft Windows trying to get flash player from their main distribution page hxxp://get.adobe.com/flashplayer/ was developed, packaged and tested by people who obviously never hea...

AI score 0.2
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 39 views

Adobe Reader Mobile code execution

Code execution via unsafe javascript interface...

CVSS 9.3 | AI score 3.9 | EPSS 0.71996
Exploits: 6 | References: 1 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 81 views

[CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper

Vulnerability title: Cross-site scripting XSS vulnerability in Videowhisper CVE: CVE-2014-2715 Vendor: VideoWhisper Product: Videowhisper module for Drupal 7 Affected version: 7 Fixed version: Reported by: Mahmoud Ghorbanzadeh Details: Hello, I found Cross-site scripting XSS vulnerability in the...

CVSS 4.3 | AI score 2.9 | EPSS 0.01148
Exploits: 1

securityvulns
added 2014/05/04 12:0 a.m. | 93 views

[slackware-security] php (SSA:2014-111-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2014-111-02 New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

CVSS 5 | AI score 7.7 | EPSS 0.0304
Exploits: 1

securityvulns
added 2014/05/04 12:0 a.m. | 53 views

file utility / libmagic / PHP DoS

Infinite recursion on some file types detection, buffer overread, CPU exhaustion...

CVSS 5 | AI score 2.6 | EPSS 0.0507
Exploits: 2 | References: 3 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 55 views

Ruby Actionpack / Actionmailer multiple security vulnerabilities

DoS, cross-site scripting...

CVSS 6.4 | AI score 2 | EPSS 0.207
Exploits: 3 | References: 2 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 79 views

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that delivers viewing of...

CVSS 10 | AI score 8.8 | EPSS 0.0761
Exploits: 1

securityvulns
added 2014/05/04 12:0 a.m. | 41 views

Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability

Document Title: =============== Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1250 Release Date: ============= 2014-04-07 Vulnerability Laboratory ID VL-ID: ===================================...

AI score 1.1
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 34 views

BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability

Document Title: =============== BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1251 Release Date: ============= 2014-04-08 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.9
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 27 views

EMC Cloud Tiering Appliance information leakage

XML External Entity information leakage...

CVSS 7.8 | AI score 2 | EPSS 0.53342
Exploits: 3 | References: 1 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 50 views

CUPS cross-site scripting

Cross-site scripting in Web interface...

CVSS 4.3 | AI score 1.1 | EPSS 0.01626
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 60 views

Apple iOS multiple security vulnerabilities

Unsafe cookie handling, protection bypass, information leakage, multiple WebKit vulnerabilities...

CVSS 10 | AI score 1.5 | EPSS 0.34782
Exploits: 14 | References: 1 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 25 views

libmms buffer overflow

Buffer overflow in getanswer on MMS over HTTP processing...

CVSS 7.5 | AI score 2.2 | EPSS 0.06097
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 27 views

Sitecom routers predictable WAP key

Default WAP key can be computed from device MAC address...

AI score 4
Exploits: 0 | References: 1

securityvulns
added 2014/05/04 12:0 a.m. | 40 views

Python Imaging Library security vulnerabilities

Symbolic links vulnerabilities...

CVSS 4.4 | AI score 2.2 | EPSS 0.00492
Exploits: 2 | References: 1 | Affected Software: 1

securityvulns
added 2014/05/04 12:0 a.m. | 90 views

[SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2887-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 27, 2014 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 1.4 | EPSS 0.03135
Exploits: 1

securityvulns
added 2014/05/04 12:0 a.m. | 54 views

[SECURITY] [DSA 2903-1] strongswan security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2903-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez April 14, 2014 http://www.debian.org/security/faq -...

CVSS 6.4 | AI score 2.3 | EPSS 0.01567
Exploits: 1

securityvulns
added 2014/05/04 12:0 a.m. | 98 views

[USN-2172-1] CUPS vulnerability

========================================================================== Ubuntu Security Notice USN-2172-1 April 24, 2014 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 4.3 | AI score 0.4 | EPSS 0.01626
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 33 views

AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability

Document Title: =============== AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1258 Release Date: ============= 2014-04-22 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.2
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 65 views

Cross-Site Scripting (XSS) in Open Classifieds

Advisory ID: HTB23204 Product: Open Classifieds Vendor: Open Classifieds Team Vulnerable Versions: 2-2.1.2 and probably prior Tested Version: 2-2.1.2 Advisory Publication: February 19, 2014 without technical details Vendor Notification: February 19, 2014 Vendor Patch: February 20, 2014 Public...

CVSS 4.3 | AI score 6.3 | EPSS 0.0124
Exploits: 4

securityvulns
added 2014/05/04 12:0 a.m. | 74 views

Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin

Advisory ID: HTB23206 Product: XCloner Wordpress plugin Vendor: XCloner Vulnerable Versions: 3.1.0 and probably prior Tested Version: 3.1.0 Advisory Publication: March 12, 2014 without technical details Vendor Notification: March 12, 2014 Vendor Patch: March 13, 2014 Public Disclosure: April 2,...

CVSS 6.8 | AI score 7.3 | EPSS 0.02828
Exploits: 5

securityvulns
added 2014/05/04 12:0 a.m. | 52 views

Vulnerabilities in Js-Multi-Hotel for WordPress

Hello 3APA3A! These are vulnerabilities in Js-Multi-Hotel plugin for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions. ------------------------- Affected vendors: ------------------------- Joomlaskin...

AI score 0.6
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 56 views

Multiple vulnerabilities in Flexolio for WordPress

Hello 3APA3A! There are Content Spoofing, Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities in Flexolio for WordPress. Which contains TimThumb and CU3ER. In April 2011 I wrote about vulnerabilities in TimThumb...

AI score 7
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 172 views

Cross-Site Scripting (XSS) in Ilch CMS

Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...

CVSS 4.3 | AI score 6.5 | EPSS 0.03268
Exploits: 6

securityvulns
added 2014/05/04 12:0 a.m. | 75 views

SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex

SEC Consult Vulnerability Lab Security Advisory 20140430-0 ======================================================================= title: SQL injection and persistent XSS product: Typo3 3rd party extension sibibtex vulnerable version: sibibtex 0.2.3 fixed version: - impact: critical homepage:...

AI score 0.1
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 53 views

SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances

SEC Consult Vulnerability Lab Security Advisory 20140423-0 ======================================================================= title: Path Traversal/Remote Code Execution product: WD Arkeia Virtual Appliance AVA vulnerable version: All Arkeia Network Backup releases ASA/APA/AVA since 7.0.3...

CVSS 7.5 | AI score 1.2 | EPSS 0.08757
Exploits: 6

securityvulns
added 2014/05/04 12:0 a.m. | 73 views

Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: The login form had no CSRF protection, meaning that an attacker could force the victim to log in using the attacker's credential...

CVSS 4 | AI score 6.4 | EPSS 0.01314
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 80 views

Multiple Vulnerabilities in OpenDocMan

Advisory ID: HTB23202 Product: OpenDocMan Vendor: Free Document Management Software Vulnerable Versions: 1.2.7 and probably prior Tested Version: 1.2.7 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Vendor Patch: February 24, 2014 Public...

CVSS 7.5 | AI score 0.1 | EPSS 0.02582
Exploits: 8

securityvulns
added 2014/05/04 12:0 a.m. | 75 views

[SECURITY] [DSA 2914-1] drupal6 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2914-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 25, 2014 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 0.5 | EPSS 0.01555
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 44 views

XSS and CS vulnerabilities in DSMS

Hello 3APA3A! There are Cross-Site Scripting and Content Spoofing vulnerabilities in DSMS. This is commercial CMS. It's used particularly at government site dsmsu.gov.ua - web site of Ministry of Youth and Sport of Ukraine. There are also other vulnerabilities in the system, about which I've...

AI score 0.5
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 62 views

SQL Injection in Orbit Open Ad Server

Advisory ID: HTB23208 Product: Orbit Open Ad Server Vendor: OrbitScripts, LLC Vulnerable Versions: 1.1.0 and probably prior Tested Version: 1.1.0 Advisory Publication: March 19, 2014 without technical details Vendor Notification: March 19, 2014 Vendor Patch: March 21, 2014 Public Disclosure: Apri...

CVSS 7.5 | AI score 0.3 | EPSS 0.01314
Exploits: 5

securityvulns
added 2014/05/04 12:0 a.m. | 37 views

CS and XSS vulnerabilities in CU3ER

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in CU3ER. Which I found in October 2013 at one web site. This is popular flash file and in Google's index there are up to million web sites with it near 1060000 sites in October, now near 717000 sites. In last years...

AI score 5.9
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 56 views

Multiple vulnerabilities in Js-Multi-Hotel for WordPress

Hello 3APA3A! There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress. Earlier I wrote about two other vulnerabilities. These are Abuse of Functionality, Denial of Service, Cross-Site Scripting and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for WordPress. Ther...

AI score 0.3
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 101 views

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descriptio...

CVSS 10 | AI score 0.2 | EPSS 0.34782
Exploits: 14

securityvulns
added 2014/05/04 12:0 a.m. | 49 views

FreeBSD Security Advisory FreeBSD-SA-14:05.nfsserver

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:05.nfsserver Security Advisory The FreeBSD Project Topic: Deadlock in the NFS server Category: core Module: nfsserver Announced: 2014-04-08 Credits: Rick...

CVSS 4 | AI score 5.9 | EPSS 0.02044
Exploits: 1

securityvulns
added 2014/05/04 12:0 a.m. | 61 views

Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem

Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Author: Larry W. Cashdollar, @larry0 Download Site: http://rubygems.org/gems/Arabic-Prawn CVE: 2014-2322 Date: 12/17/2013 In Arabic-Prawn-0.0.1/lib/stringutfsupport.rb, the following lines pass unsanitized input to the shell. 426 var ...

AI score 7.5
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 90 views

Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2

Product description: ============ KnowledgeTree is document management system that makes it easy to secure, share, track and manage the documents and records. ============ KnowledgeTree Blind SQL Injection CVE-2014-2737 ============ The application is vulnerable to blind SQL injection which is...

CVSS 7.5 | AI score 7.5 | EPSS 0.01164
Exploits: 1

securityvulns
added 2014/05/04 12:0 a.m. | 53 views

CS, XSS and FPD vulnerabilities in multiple plugins with CU3ER for WordPress

Hello 3APA3A! Recently I disclosed vulnerabilities in CU3ER http://seclists.org/fulldisclosure/2014/Apr/244 and vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone http://seclists.org/fulldisclosure/2014/Apr/251. This is popular flash file and in Google's index the...

AI score 6.6
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 72 views

Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin

Advisory ID: HTB23199 Product: VideoWhisper Live Streaming Integration Vendor: VideoWhisper Vulnerable Versions: 4.27.3 and probably prior Tested Version: 4.27.3 Advisory Publication: February 6, 2014 without technical details Vendor Notification: February 6, 2014 Vendor Patch: February 7, 2014...

CVSS 10 | AI score 0.1 | EPSS 0.10843
Exploits: 12

securityvulns
added 2014/05/04 12:0 a.m. | 57 views

[USN-2171-1] rsync vulnerability

========================================================================== Ubuntu Security Notice USN-2171-1 April 23, 2014 rsync vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 7.8 | AI score 1 | EPSS 0.04086
Exploits: 1

securityvulns
added 2014/05/04 12:0 a.m. | 80 views

[SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stored Cross Site Scripting in Ektron CMS 8.7 CVE reference: CVE-2014-2729 Affected platforms: Ektron Web Content Management System Version: 8.7.0 Date: 2013-December-19 Security risk: Medium CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N Researcher: Joseph Zeng...

CVSS 3.5 | EPSS 0.00972
Exploits: 3

securityvulns
added 2014/05/04 12:0 a.m. | 29 views

AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability

Document Title: =============== AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1252 Release Date: ============= 2014-04-08 Vulnerability Laboratory ID VL-ID:...

AI score 0.2
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 36 views

iVault Private P&V 1.1 iOS - Path Traversal Vulnerability

Document Title: =============== iVault Private P&V 1.1 iOS - Path Traversal Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1253 Release Date: ============= 2014-04-09 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.5
Exploits: 0

Total number of security vulnerabilities: 47153