
47153 matches found

securityvulns
added 2015/08/24 12:0 a.m., 60 views

[USN-2705-1] Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-2705-1 August 06, 2015 python-keystoneclient, python-keystonemiddleware vulnerabilities ========================================================================== A security issue affects these...

CVSS: 4.3, AI score: 1.3, EPSS: 0.02586
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 48 views

Trend Micro Deep Discovery Authentication Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DDI-0818.txt Vendor: ================================ www.trendmicro.com Product: =================================== Trend Micro Deep Discovery 3.7.1096...

CVSS: 5.5, AI score: 0.1, EPSS: 0.02672
Exploits: 2
securityvulns
added 2015/08/24 12:0 a.m., 45 views

[SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-026 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Denial of Service...

AI score: 0.2
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 65 views

[CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0

Overview =============== WiFi Pineapples are a penetration testing tool used in offensive wireless activities. These devices run on a modified OpenWRT based on netBSD operating system. They include a web-based management interface. It has been discovered they have predictable anti-CSRF tokens bas...

CVSS: 4.3, AI score: 8, EPSS: 0.36954
Exploits: 7
securityvulns
added 2015/08/24 12:0 a.m., 57 views

Cross-Site Scripting (XSS) in qTranslate WordPress Plugin

Advisory ID: HTB23265 Product: qTranslate WordPress plugin Vendor: Qian Qin Vulnerable Versions: 2.5.39 and probably prior Tested Version: 2.5.39 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Public Disclosure: July 29, 2015 Vulnerability Type:...

CVSS: 4.3, AI score: 0.2, EPSS: 0.02055
Exploits: 3
securityvulns
added 2015/08/24 12:0 a.m., 53 views

phpFileManager 0.9.8 Remote Command Execution

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILEMANAGER0728.txt Vendor: ================================ phpfm.sourceforge.net Product: ================================ phpFileManager version 0.9.8 Vulnerability Type:...

AI score: 0.7
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 55 views

Dell Netvault Backup Remote Denial of Service

Product: Dell Netvault Backup Link: http://software.dell.com/products/netvault-backup/ Vendor: Dell Vulnerable Versions: 10.0.1.24 and probably prior Tested Version: Version 10.0.1.24 Advisory Publication: July 30, 2015 Vendor Notification: January 9, 2015 Public Disclosure: July 30, 2015...

CVSS: 5, AI score: 1, EPSS: 0.08177
Exploits: 5
securityvulns
added 2015/08/24 12:0 a.m., 58 views

Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532)

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed For detailed description see attached VRFHUFG9EBA.txt and VRFHX5OLZ0F.txt, for vendor announcement see CVE-2015-4532 in http://seclists.org/bugtraq/2015/Aug/86. The problem is PoC code...

CVSS: 9, AI score: 0.5, EPSS: 0.03127
Exploits: 2
securityvulns
added 2015/08/24 12:0 a.m., 52 views

ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability EMC Identifier: ESA-2015-132 CVE Identifier: CVE-2015-4537 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Documentum D2 4.2 and earlier Summary: EMC...

CVSS: 3.5, AI score: 0.5, EPSS: 0.01207
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 38 views

Cross site request forgery vulnerability in Linksys WAG120N

Hello all, i want to share a problem that i found with Linksys router WAG120N. It could be possible to modify router's configuration when a user visit a webpage with an specific form it is a similar problem that i sent some days ago with Comtrend routers:...

AI score: 7.1
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 82 views

Ferrari - PHP CGI Argument Injection (RCE) Vulnerability

Document Title: =============== Ferrari - PHP CGI Argument Injection RCE Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1562 Video: http://www.vulnerability-lab.com/getcontent.php?id=1561 Vulnerability Magazine:...

AI score: 0.5
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 85 views

AirDroid ID - Client Side JSONP Callback Vulnerability

Document Title: =============== AirDroid ID - Client Side JSONP Callback Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1544 Release Date: ============= 2015-07-10 Vulnerability Laboratory ID VL-ID: ==================================== 154...

AI score: 0.1
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 150 views

SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-033 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Missing Function Leve...

AI score: 6.7
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 37 views

EMC RSA Archer CSRF

Multiple CSRF vulnerabilities...

CVSS: 6.8, AI score: 3.7, EPSS: 0.00981
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2015/08/24 12:0 a.m., 36 views

vBulletin x.x.x rce "0day"

Not really a 0day since it's fixed in some versions, but still an exploit that doesn't seem to be "that" public. Please note, I didn't find this. vBulletin's memcache setting is vulnerable in certain versionsall before 4.2.2 to an RCE. vBulletin seem to have refused to classify it as a...

AI score: 1.2
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 36 views

VLC uninitialized pointer dereference

Uninitialized pointer dereference on 3GP parsing...

CVSS: 6.8, AI score: 3.8, EPSS: 0.13337
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2015/08/24 12:0 a.m., 57 views

[ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow

ERPSCAN Research Advisory ERPSCAN-15-012 SAP Afaria 7 XComms – Buffer Overflow Application: SAP Afaria 7 Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Buffer Overflow Sent: 13.03.2015 Reported: 14.03.2015 Vendor response: 14.03.2015 Date of Public Advisory:...

CVSS: 7.5, AI score: 0.2, EPSS: 0.03187
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 37 views

Dell Netvault Backup DoS

Crash on network request parsing...

CVSS: 5, AI score: 2.9, EPSS: 0.08177
Exploits: 5, References: 1, Affected Software: 1
securityvulns
added 2015/08/24 12:0 a.m., 33 views

Multiple XSS vulnerabilities in FortiSandbox WebUI

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt Vendor: ================================ www.fortinet.com PSIRT ID: 1418018 Product: ================================== FortiSandbox 3000D v2.02...

AI score: 6.4
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 64 views

Design Infotech CMS - SQL Injection Vulnerability

========================================================== + Title :- Design Infotech CMS - SQL Injection Vulnerability + Date :- 23 - July - 2015 + Vendor Homepage :- http://www.designinfotech.in/ + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :-...

AI score: 0.9
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 54 views

[SECURITY] [DSA 3322-1] ruby-rack security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3322-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 31, 2015 https://www.debian.org/security/faq...

CVSS: 5, AI score: 3.2, EPSS: 0.07778
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 54 views

[SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-029 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Insecure Direct Objec...

AI score: 7
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 63 views

phpFileManager 0.9.8 CSRF Backdoor Shell Vulnerability

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILEMANAGER0729.txt Vendor: ================================ phpfm.sourceforge.net Product: ============================ phpFileManager version 0.9.8 Vulnerability Type:...

AI score: 8
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 44 views

[security bulletin] HPSBGN03386 rev.1 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Discl

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04751893 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04751893 Version: 1 HPSBGN03386 rev.1 - HP Central View Fraud Risk Management,...

CVSS: 9, AI score: 0.5, EPSS: 0.0205
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 81 views

WebSolutions India Design CMS - SQL Injection Vulnerability

Document Title: =============== WebSolutions India Design CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1577 Release Date: ============= 2015-08-20 Vulnerability Laboratory ID VL-ID: ===================================...

AI score: 0.3
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 37 views

conntrack DoS

Crash on different network packets...

CVSS: 5, AI score: 2.1, EPSS: 0.03202
Exploits: 1, References: 1, Affected Software: 1
securityvulns
added 2015/08/24 12:0 a.m., 40 views

Pdf Shaper Buffer Overflow

This module requires Metabuffer: http://metabuffer.com/download Current source: https://github.com/rapid7/metabuffer-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank definition: http://dev.metabuffer.com/redmine/projects/framework/wiki/ExploitRanking...

AI score: 0.2
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 54 views

SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150805-0 ======================================================================= title: Stack buffer overflow in handledebugnetwork product: Websense Triton Content Manager vulnerable version: 8.0.0...

CVSS: 4, AI score: 7.1, EPSS: 0.01842
Exploits: 2
securityvulns
added 2015/08/24 12:0 a.m., 163 views

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Flex BlazeDS 4.7.0 Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations...

CVSS: 5, AI score: 0.8, EPSS: 0.0954
Exploits: 2
securityvulns
added 2015/08/24 12:0 a.m., 55 views

[SECURITY] [DSA 3328-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3328-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst August 04, 2015 https://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 0.9, EPSS: 0.08814
Exploits: 4
securityvulns
added 2015/08/24 12:0 a.m., 53 views

[security bulletin] HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX, Remote Code Execution

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04771027 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04771027 Version: 1 HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux,...

CVSS: 7.5, AI score: 0.6, EPSS: 0.113
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 49 views

PHPfileNavigator 2.3.3 Persistent & Reflected XSS

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendor: ================================ pfn.sourceforge.net Product: =================================== PHPfileNavigator v2.3.3 pfn Is...

AI score: 6.2
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 96 views

Device Inspector v1.5 iOS - Command Inject Vulnerabilities

Document Title: =============== Device Inspector v1.5 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1558 Release Date: ============= 2015-08-07 Vulnerability Laboratory ID VL-ID: ====================================...

AI score: 0.5
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 52 views

[SECURITY] [DSA 3341-1] conntrack security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3341-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 20, 2015 https://www.debian.org/security/faq...

CVSS: 5, AI score: 2.3, EPSS: 0.03202
Exploits: 1
securityvulns
added 2015/08/24 12:0 a.m., 43 views

CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation

Title =================== Cumulus Linux's Switch Configuration Tools Backend, clcmdserver, Vulnerable to Local Privilege Escalation Summary =================== Cumulus Linux's Switch Configuration Tools Backend, clcmdserver, is vulnerable to local privilege escalation via Command Injection. Cumul...

CVSS: 7.2, AI score: 1.2, EPSS: 0.00404
Exploits: 1
securityvulns
added 2015/08/24 12:0 a.m., 52 views

UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability

Document Title: =============== UBNT Bug Bounty 1 - Client Side Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1465 52988 Release Date: ============= 2015-08-17 Vulnerability Laboratory ID VL-ID:...

Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 40 views

ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities EMC Identifier: ESA-2015-094 CVE Identifier: CVE-2015-0542 Severity Rating: CVSS v2 Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N Affected Products: RSA Archer GRC 5.5 SP1...

CVSS: 6.8, AI score: 0.1, EPSS: 0.00981
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 53 views

phpipam-1.1.010 XSS Vulnerability

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt Vendor: ================================ phpipam.net Product: ====================================== phpipam-1.1.010 Vulnerability Type:...

AI score: 6
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 42 views

[SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-030 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Improper Handling of...

AI score: 0.1
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 42 views

phpipam-1.1.010 XSS Vulnerability

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt Vendor: ================================ phpipam.net Product: ====================================== phpipam-1.1.010 Vulnerability Type:...

AI score: 6
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 39 views

SAP Mobile Platform DataVault multiple security vulnerabilities

Multiple cryptographical vulnerabilities...

AI score: 1.8
Exploits: 0, References: 3, Affected Software: 1
securityvulns
added 2015/08/24 12:0 a.m., 68 views

[USN-2704-1] Swift vulnerabilities

========================================================================== Ubuntu Security Notice USN-2704-1 August 06, 2015 swift vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 5.5, AI score: 0.5, EPSS: 0.03949
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 105 views

UDID+ v2.5 iOS - Mail Command Inject Vulnerability

Document Title: =============== UDID+ v2.5 iOS - Mail Command Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1542 Release Date: ============= 2015-07-06 Vulnerability Laboratory ID VL-ID: ==================================== 1542...

AI score: 0.3
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 36 views

[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-010: SAP Mobile Platform DataVault Keystream Recovery 1. Impact on Business - --------------------- By exploiting this vulnerability an attacker with access to a vulnerable mobile device would be able to decrypt...

AI score: 0.3
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 51 views

Trend Micro Deep Discovery XSS

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DDI-081815b.txt Vendor: ================================ www.trendmicro.com Product: ============================================================== Trend Micro...

CVSS: 4.3, EPSS: 0.02718
Exploits: 2
securityvulns
added 2015/08/24 12:0 a.m., 30 views

Websense Triton Content Manager buffer overflow

Buffer overflow on request parsing...

CVSS: 4, AI score: 4.3, EPSS: 0.01842
Exploits: 2, References: 1, Affected Software: 1
securityvulns
added 2015/08/24 12:0 a.m., 235 views

[SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-028 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Cross-Site Scripting...

AI score: 6.1
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 38 views

[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage 1. Impact on Business - --------------------- By exploiting this vulnerability an attacker with access to a vulnerable mobile device...

AI score: 0.3
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 67 views

[SECURITY] [DSA 3340-1] zendframework security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3340-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 19, 2015 https://www.debian.org/security/faq -...

CVSS: 6.8, AI score: 2, EPSS: 0.09911
Exploits: 7
securityvulns
added 2015/08/24 12:0 a.m., 57 views

[oCERT-2015-009] VLC arbitrary pointer dereference

2015-009 VLC arbitrary pointer dereference Description: The VLC media player is an open source media player and streaming media server. The stable VLC version suffers from an arbitrary pointer dereference vulnerability. The vulnerability affects the 3GP file format parser, insufficient restrictio...

CVSS: 6.8, AI score: 1.4, EPSS: 0.13337
Exploits: 0

Total number of security vulnerabilities: 47153