Lucene search

47153 matches found

securityvulns
added 2014/02/11 12:00 a.m. | 59 views

ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability

ESA-2014-005.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-005: EMC Documentum Foundation Services DFS Content Access Vulnerability EMC Identifier: ESA-2014-005 CVE Identifier: CVE-2014-0622 Severity Rating: CVSS v2 Base Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC DF...

CVSS: 9 | AI score: 0.8 | EPSS: 0.02992
Exploits: 0

securityvulns
added 2014/02/11 12:00 a.m. | 99 views

Microsoft Windows multiple security vulnerabilities

XML services information leakage, IPv6 DoS, Direct2D memory corruption, .Net privilege escalation, VBScript code execution...

CVSS: 9.3 | AI score: 3.1 | EPSS: 0.69801
Exploits: 13 | Affected Software: 1

securityvulns
added 2014/02/11 12:00 a.m. | 80 views

[SECURITY] [DSA 2853-1] horde3 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2853-1 [email protected] http://www.debian.org/security/ Luciano Bello February 05, 2014 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 2.7 | EPSS: 0.42895
Exploits: 7

securityvulns
added 2014/02/11 12:00 a.m. | 90 views

SQL Injection in doorGets CMS

Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Public Disclosure: February 5, 2014...

CVSS: 6.5 | AI score: 8.1 | EPSS: 0.02269
Exploits: 5

securityvulns
added 2014/02/11 12:00 a.m. | 78 views

[ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail

============================================= INTERNET SECURITY AUDITORS ALERT 2013-014 - Original release date: March 25th, 2013 - Last revised: March 25th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Score - CVE-ID: CVE-2013-6229...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.01779
Exploits: 2

securityvulns
added 2014/02/11 12:00 a.m. | 46 views

EMC Documentum Foundation Services unauthorized access

Filesystem access is possible...

CVSS: 9 | AI score: 3.8 | EPSS: 0.02992
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/02/11 12:00 a.m. | 63 views

gpEasy v4.3.x CMS - Multiple Web Vulnerabilities

Document Title: =============== gpEasy v4.3.x CMS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1189 Release Date: ============= 2014-02-06 Vulnerability Laboratory ID VL-ID: ==================================== 1189 Comm...

AI score: 0.2
Exploits: 0

securityvulns
added 2014/02/11 12:00 a.m. | 87 views

AlienVault OSSIM SQL Injection vulnerability

INDEX --------------------------------------- 1. Background 2. Description 3. Affected Products 4. Vulnerability 5. Solution 6. Credit 7. Disclosure Timeline 1. BACKGROUND --------------------------------------- OSSIM by AlienVault is an Open Source Security Information and Event Management SIEM...

AI score: 0.1
Exploits: 0

securityvulns
added 2014/02/11 12:00 a.m. | 79 views

CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. Advisory Information Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:...

CVSS: 9.3 | AI score: 0.1 | EPSS: 0.40359
Exploits: 11

securityvulns
added 2014/02/11 12:00 a.m. | 70 views

Multiple SQL Injection Vulnerabilities in AuraCMS

Advisory ID: HTB23196 Product: AuraCMS Vendor: AuraCMS Vulnerable Versions: 2.3 and probably prior Tested Version: 2.3 Advisory Publication: January 8, 2014 without technical details Vendor Notification: January 8, 2014 Vendor Patch: January 30, 2014 Public Disclosure: February 5, 2014...

CVSS: 6.5 | EPSS: 0.02982
Exploits: 5

securityvulns
added 2014/02/11 12:00 a.m. | 61 views

WHMCS Denial of Service Vulnerability

AI score: 0.2
Exploits: 0

securityvulns
added 2014/02/11 12:00 a.m. | 89 views

CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin

Vulnerability title: Remote Code Execution in Projoom NovaSFH Plugin CVE: CVE-2014-1214 Vendor: Projoom Product: NovaSFH Plugin Version: 3.0.3 Reported by: Yuri Kramarz Details: The PHP executable which is responsible for handling file upload functionality allows arbitrary files to be uploaded to...

AI score: 0.2 | EPSS: 0.04317
Exploits: 1

securityvulns
added 2014/02/11 12:00 a.m. | 96 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 9.3 | AI score: 1.6 | EPSS: 0.42895
Exploits: 32 | References: 11 | Affected Software: 11

securityvulns
added 2014/02/11 12:00 a.m. | 87 views

Security advisory, LedgerSMB 1.3.0-1.3.36

Security Advisory: LedgerSMB 1.3.36, Improper Logout on Some Browsers Severity: Low cvssv2 base score: 3.6, total 0.5 Remotely Exploitable: No Complexity of Attack: High Impact: Relatively low. Prerequisite for Attack: Physical Access to Previously Logged In Browser, so high complexity in most...

AI score: 7.2
Exploits: 0

securityvulns
added 2014/02/11 12:00 a.m. | 77 views

[oCERT-2014-001] MantisBT input sanitization errors

2014-001 MantisBT input sanitization errors Description: The MantisBT web-based bugtracking system suffers from SQL injection vulnerabilities caused by insufficient input sanitization. The MantisBT SOAP API uses the unsafe dbquery function allowing a specially crafted tag within the envelope of a...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.03141
Exploits: 3

securityvulns
added 2014/02/10 12:00 a.m. | 75 views

Inteno DG301 routers code execution

Code execution via web interface...

AI score: 5.7
Exploits: 0 | References: 1

securityvulns
added 2014/02/10 12:00 a.m. | 32 views

Sophos antivirus weak permissions

Weak permissions for system objects...

CVSS: 5.6 | AI score: 2.1 | EPSS: 0.00973
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/02/10 12:00 a.m. | 48 views

ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure

ASUS routers, which are enabled with the AiCloud service SSL ports, are vulnerable to bypass of authentication and sensitive file disclosure. This vulnerability has been observed in all firmware versions, though the latest version increases the complexity of the attack. By sending a special craft...

AI score: 0.9
Exploits: 0

securityvulns
added 2014/02/10 12:00 a.m. | 49 views

Security Advisory: NETGEAR Router D6300B Firmware: V1.0.0.14_1.0.14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory ID: SYSS-2013-001 Product: NETGEAR Router D6300B / Firmware: V1.0.0.14_1.0.14 latest Vendor: Netgear Affected Versions: until V1.0.0.14_1.0.14 latest Tested Versions: V1.0.0.14_1.0.14 latest Vulnerability Type: Root-Shell, OS Command Injection,...

AI score: 0.1
Exploits: 0

securityvulns
added 2014/02/10 12:00 a.m. | 135 views

Inteno DG301 Command Injection

Background According to the vendor, Inteno DG301 is a high-end Multi-WAN residential gateway with advanced router and bridge functions. 2. Summary Inteno DG301 Powered by LuCI Trunk inteno-1.0.34 and OpenWrt Backfire 10.03.1-RC6 is vulnerable to command injection, which can be exploited directly...

AI score: 1
Exploits: 0

securityvulns
added 2014/02/10 12:00 a.m. | 79 views

[USN-2101-1] libgadu vulnerability

========================================================================== Ubuntu Security Notice USN-2101-1 February 10, 2014 libgadu vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.08174
Exploits: 0

securityvulns
added 2014/02/10 12:00 a.m. | 33 views

libgadu / libpurple / Pidgin multiple security vulnerabilities

Buffer overflow on libgadu protocol parsing. Yahoo!, XMPP, MSN, HTTP, STUN, IRC protocols and URL parsing DoS. HTTP, SIMPLE protocols and MXit emoticons parsing memory corruptions...

CVSS: 10 | AI score: 2.4 | EPSS: 0.14809
Exploits: 0 | References: 1 | Affected Software: 2

securityvulns
added 2014/02/10 12:00 a.m. | 52 views

CVE-2014-1213 - Denial of Service in Sophos Anti Virus

Vulnerability title: Denial of Service in Sophos Anti Virus CVE: CVE-2014-1213 Vendor: Sophos Product: Anti Virus Version: 10.0.11/Engine 3.48.x Reported by: Graham Sutherland Details: The following system objects do not have access control lists ACLs set, thus allowing any user to access and...

CVSS: 5.6 | AI score: 6.3 | EPSS: 0.00973
Exploits: 0

securityvulns
added 2014/02/10 12:00 a.m. | 51 views

[SECURITY] [DSA 2855-1] libav security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2855-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 05, 2014 http://www.debian.org/security/faq -...

CVSS: 9.3 | AI score: 1.6 | EPSS: 0.03618
Exploits: 3

securityvulns
added 2014/02/10 12:00 a.m. | 39 views

libav / ffmpeg multiple security vulnerabilities

Vulnerabilities in different demuxers and decoders...

CVSS: 9.3 | AI score: 4 | EPSS: 0.03618
Exploits: 3 | References: 1

securityvulns
added 2014/02/10 12:00 a.m. | 22 views

Netgear D6300B routers backdoor

Specially crafted network packet activates root level telnet access...

AI score: 5.2
Exploits: 0 | References: 1

securityvulns
added 2014/02/10 12:00 a.m. | 306 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Multiple memory corruptions, cross-site scripting, DoS, information leakage...

CVSS: 10 | AI score: 1.6 | EPSS: 0.07697
Exploits: 16 | Affected Software: 4

securityvulns
added 2014/02/10 12:00 a.m. | 48 views

perl Locale::Maketext code execution

It's possible to call external functions on template compilation...

CVSS: 7.5 | AI score: 2.5 | EPSS: 0.61604
Exploits: 13 | References: 1 | Affected Software: 1

securityvulns
added 2014/02/10 12:00 a.m. | 98 views

[USN-2099-1] Perl vulnerability

========================================================================== Ubuntu Security Notice USN-2099-1 February 05, 2014 perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.61604
Exploits: 13

securityvulns
added 2014/02/10 12:00 a.m. | 26 views

Asus routers authentication bypass

AiCloud authentication bypass...

AI score: 4.2
Exploits: 0 | References: 1

securityvulns
added 2014/02/10 12:00 a.m. | 103 views

Information on recently-fixed Oracle VM VirtualBox vulnerabilities

Hi there, Recently I found a few vulnerabilities in Oracle VM VirtualBox, the open-source virtualization product. These have already been reported to the project, fixed and disclosed in the form of the recent January 2014 Oracle Critical Patch Update at...

CVSS: 3.5 | AI score: 0.1 | EPSS: 0.00311
Exploits: 0

securityvulns
added 2014/02/10 12:00 a.m. | 71 views

[USN-2098-1] LibYAML vulnerability

========================================================================== Ubuntu Security Notice USN-2098-1 February 04, 2014 libyaml vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 6.8 | AI score: 0.3 | EPSS: 0.09312
Exploits: 0

securityvulns
added 2014/02/03 12:00 a.m. | 35 views

AmmyAdmin hidden options

A few hidden options allow the application to be used as a backdoor...

AI score: 1.6 | EPSS: 0.03636
Exploits: 5 | References: 1 | Affected Software: 1

securityvulns
added 2014/02/03 12:00 a.m. | 57 views

Ektron CMS Take Over - Hijacking Accounts

I have detailed a vulnerability within Ektron CMS that allows an unauthenticated user to hijack any account. The clear targets of choice for this CMS would be the builtin or admin account. Whilst I found this issue back in 2012, it appears that around 65 are still vulnerable and should be patchin...

AI score: 1
Exploits: 0

securityvulns
added 2014/02/03 12:00 a.m. | 36 views

Citrix GoToMeeting information leakage

Information leakage via logs...

CVSS: 5 | AI score: 2.7 | EPSS: 0.03111
Exploits: 3 | References: 1 | Affected Software: 1

securityvulns
added 2014/02/03 12:00 a.m. | 50 views

Cisco TelePresence devices multiple security vulnerabilities

DoS, code execution...

CVSS: 8.3 | AI score: 2.7 | EPSS: 0.02303
Exploits: 0 | Affected Software: 1

securityvulns
added 2014/02/03 12:00 a.m. | 23 views

Apache Cordova/PhoneGap multiple security vulnerabilities

Protection bypass, information leakage...

AI score: 1.9
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/02/03 12:00 a.m. | 47 views

[CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android)

ADVISORY INFORMATION ======================== Title: GoToMeeting Information Disclosure via Logging Output Android CVE: CVE-2014-1664 CVE Information: ASSIGNED Date published: PUBLIC Date of last update: 01/23/2014 Vendor Contacted: Citrix Release mode: Coordinated Release 2. VULNERABILITY...

CVSS: 5 | EPSS: 0.03111
Exploits: 3

securityvulns
added 2014/02/03 12:00 a.m. | 131 views

Ammyy Admin - Hidden hard-coded option and Access Control vulnerability.

Title: ==== Ammyy Admin - Hidden hard-coded option and Access Control vulnerability. Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ==== - CVE-2013-5581 for hidden hard-coded option CWE-255. - CVE-2013-5582 for failure...

AI score: 0.2 | EPSS: 0.03636
Exploits: 5

securityvulns
added 2014/02/03 12:00 a.m. | 158 views

SiteCore XML Control Script Insertion

Hey All, Sitecores “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack – more can be achieved with these XML Controls and will be documented in another vulnerability report http://target/?xmlcontrol=body20onload=alert123...

AI score: 6.6
Exploits: 0

securityvulns
added 2014/02/03 12:00 a.m. | 168 views

Code Execution vulnerability in Contact Form 7 for WordPress

Hello 3APA3A! I want to inform you about vulnerability in Contact Form 7 plugin for WordPress. This is Code Execution via Arbitrary File Uploading vulnerability. ------------------------- Affected products: ------------------------- Vulnerable are Contact Form 7 3.5.2 and previous versions. After...

AI score: 1.6
Exploits: 0

securityvulns
added 2014/02/03 12:00 a.m. | 83 views

Vulnerabilities in Contact Form 7 for WordPress

Hello 3APA3A! I want to inform you about vulnerabilities in Contact Form 7 plugin for WordPress. These are Code Execution via Arbitrary File Uploading vulnerabilities two attack vectors. This is addition to previous Code Execution vulnerability in Contact Form 7...

AI score: 0.4
Exploits: 0

securityvulns
added 2014/02/03 12:00 a.m. | 63 views

Joomla! JomSocial component < 3.1.0.1 - Remote code execution

------------------------------------------------------------- Joomla! JomSocial component 3.1.0.1 - Remote code execution ------------------------------------------------------------- == Description == - Software link: http://www.jomsocial.com/ - Affected versions: All versions = 2.6 and 3.1.0.1...

AI score: 0.3
Exploits: 0

securityvulns
added 2014/02/03 12:00 a.m. | 26 views

T-Mobile HOME NET routers multiple security vulnerabilities

Privilege escalation, code execution, directory traversal, CSRF...

AI score: 3.9
Exploits: 0 | References: 1

securityvulns
added 2014/02/03 12:00 a.m. | 66 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 9.3 | AI score: 1.6 | EPSS: 0.10683
Exploits: 22 | References: 14 | Affected Software: 10

securityvulns
added 2014/02/03 12:00 a.m. | 68 views

Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page

Advisory ID: hag201476 Product: Mediatrix Web Management Interface Vendor: Media5 Corporation Vulnerable Versions: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and probably prior Tested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 Advisory Publication: January 23, 2014 Vendor...

CVSS: 4.3 | AI score: 0.4 | EPSS: 0.02541
Exploits: 1

securityvulns
added 2014/02/03 12:00 a.m. | 100 views

Cross-Site Scripting (XSS) in Komento Joomla Extension

Advisory ID: HTB23194 Product: Komento Joomla Extension Vendor: Stack Ideas Sdn Bhd. Vulnerable Versions: 1.7.2 and probably prior Tested Version: 1.7.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2, 2014 Vendor Patch: January 2, 2014 Public...

CVSS: 4.3 | EPSS: 0.01824
Exploits: 5

securityvulns
added 2014/02/03 12:00 a.m. | 98 views

Multiple Vulnerabilities in Eventum

Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor Patch: January 24, 2014 Public Disclosure:...

CVSS: 9.3 | AI score: 0.2 | EPSS: 0.10683
Exploits: 6

securityvulns
added 2014/02/03 12:00 a.m. | 115 views

SQL Injection in JV Comment Joomla Extension

Advisory ID: HTB23195 Product: JV Comment Joomla Extension Vendor: joomlavi.com Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2, 2014 Vendor Patch: January 14, 2014 Public Disclosure...

CVSS: 4.3 | AI score: 7.8 | EPSS: 0.01391
Exploits: 5

securityvulns
added 2014/02/03 12:00 a.m. | 71 views

SEC Consult SA-20140122-0 :: Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)

SEC Consult Vulnerability Lab Security Advisory 20140122-0 ======================================================================= title: Multiple critical vulnerabilities product: T-Mobile HOME NET Router LTE / Huawei B593u-12 vulnerable version: V100R001C54SP063 T-Mobile Austria fixed version:...

AI score: 0.5
Exploits: 0

Total number of security vulnerabilities: 47153