
47153 matches found

securityvulns
added 2014/02/11 12:0 a.m. | 61 views

gpEasy v4.3.x CMS - Multiple Web Vulnerabilities

Document Title: =============== gpEasy v4.3.x CMS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1189 Release Date: ============= 2014-02-06 Vulnerability Laboratory ID VL-ID: ==================================== 1189 Comm...

0.2 AI score
Exploits: 0
securityvulns
added 2014/02/11 12:0 a.m. | 75 views

[SECURITY] [DSA 2853-1] horde3 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2853-1 [email protected] http://www.debian.org/security/ Luciano Bello February 05, 2014 http://www.debian.org/security/faq -...

7.5 CVSS | 2.7 AI score | 0.8135 EPSS
Exploits: 7
securityvulns
added 2014/02/11 12:0 a.m. | 82 views

CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin

Vulnerability title: Remote Code Execution in Projoom NovaSFH Plugin CVE: CVE-2014-1214 Vendor: Projoom Product: NovaSFH Plugin Version: 3.0.3 Reported by: Yuri Kramarz Details: The PHP executable which is responsible for handling file upload functionality allows arbitrary files to be uploaded to...

0.2 AI score | 0.03906 EPSS
Exploits: 1
securityvulns
added 2014/02/11 12:0 a.m. | 58 views

WHMCS Denial of Service Vulnerability

#!/usr/bin/perl ...

0.2 AI score
Exploits: 0
securityvulns
added 2014/02/11 12:0 a.m. | 70 views

[ISecAuditors Security Advisories] Multiple reflected XSS vulnerabilities in Atmail WebMail

============================================= INTERNET SECURITY AUDITORS ALERT 2013-014 - Original release date: March 25th, 2013 - Last revised: March 25th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6229...

4.3 CVSS | 0.2 AI score | 0.00734 EPSS
Exploits: 2
securityvulns
added 2014/02/11 12:0 a.m. | 76 views

CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. Advisory Information Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:...

9.3 CVSS | 0.1 AI score | 0.81612 EPSS
Exploits: 11
securityvulns
added 2014/02/11 12:0 a.m. | 95 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

9.3 CVSS | 1.6 AI score | 0.81612 EPSS
Exploits: 32 | References: 11 | Affected Software: 11
securityvulns
added 2014/02/11 12:0 a.m. | 44 views

EMC Documentum Foundation Services unauthorized access

Filesystem access is possible...

9 CVSS | 3.8 AI score | 0.00357 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2014/02/11 12:0 a.m. | 86 views

AlienVault OSSIM SQL Injection vulnerability

INDEX --------------------------------------- 1. Background 2. Description 3. Affected Products 4. Vulnerability 5. Solution 6. Credit 7. Disclosure Timeline 1. BACKGROUND --------------------------------------- OSSIM by AlienVault is an Open Source Security Information and Event Management SIEM...

0.1 AI score
Exploits: 0
securityvulns
added 2014/02/11 12:0 a.m. | 52 views

ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability

ESA-2014-005.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-005: EMC Documentum Foundation Services DFS Content Access Vulnerability EMC Identifier: ESA-2014-005 CVE Identifier: CVE-2014-0622 Severity Rating: CVSS v2 Base Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC DF...

9 CVSS | 0.8 AI score | 0.00357 EPSS
Exploits: 0
securityvulns
added 2014/02/11 12:0 a.m. | 82 views

Security advisory, LedgerSMB 1.3.0-1.3.36

Security Advisory: LedgerSMB 1.3.36, Improper Logout on Some Browsers Severity: Low cvssv2 base score: 3.6, total 0.5 Remotely Exploitable: No Complexity of Attack: High Impact: Relatively low. Prerequisite for Attack: Physical Access to Previously Logged In Browser, so high complexity in most...

7.2 AI score
Exploits: 0
securityvulns
added 2014/02/11 12:0 a.m. | 96 views

Microsoft Windows multiple security vulnerabilities

XML services information leakage, IPv6 DoS, Direct2D memory corruption, .Net privilege escalation, VBScript code execution...

9.3 CVSS | 3.1 AI score | 0.78096 EPSS
Exploits: 13 | Affected Software: 1
securityvulns
added 2014/02/11 12:0 a.m. | 75 views

[oCERT-2014-001] MantisBT input sanitization errors

2014-001 MantisBT input sanitization errors Description: The MantisBT web-based bugtracking system suffers from SQL injection vulnerabilities caused by insufficient input sanitization. The MantisBT SOAP API uses the unsafe dbquery function allowing a specially crafted tag within the envelope of a...

7.5 CVSS | 0.4 AI score | 0.00605 EPSS
Exploits: 3
securityvulns
added 2014/02/11 12:0 a.m. | 62 views

Multiple SQL Injection Vulnerabilities in AuraCMS

Advisory ID: HTB23196 Product: AuraCMS Vendor: AuraCMS Vulnerable Versions: 2.3 and probably prior Tested Version: 2.3 Advisory Publication: January 8, 2014 without technical details Vendor Notification: January 8, 2014 Vendor Patch: January 30, 2014 Public Disclosure: February 5, 2014...

6.5 CVSS | 0.02298 EPSS
Exploits: 5
securityvulns
added 2014/02/11 12:0 a.m. | 75 views

SQL Injection in doorGets CMS

Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Public Disclosure: February 5, 2014...

6.5 CVSS | 8.1 AI score | 0.01181 EPSS
Exploits: 5
securityvulns
added 2014/02/10 12:0 a.m. | 74 views

Inteno DG301 routers code execution

Code execution via web interface...

5.7 AI score
Exploits: 0 | References: 1
securityvulns
added 2014/02/10 12:0 a.m. | 46 views

CVE-2014-1213 - Denial of Service in Sophos Anti Virus

Vulnerability title: Denial of Service in Sophos Anti Virus CVE: CVE-2014-1213 Vendor: Sophos Product: Anti Virus Version: 10.0.11/Engine 3.48.x Reported by: Graham Sutherland Details: The following system objects do not have access control lists ACLs set, thus allowing any user to access and...

5.6 CVSS | 6.3 AI score | 0.00082 EPSS
Exploits: 0
securityvulns
added 2014/02/10 12:0 a.m. | 96 views

[USN-2099-1] Perl vulnerability

========================================================================== Ubuntu Security Notice USN-2099-1 February 05, 2014 perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5 CVSS | 0.2 AI score | 0.81971 EPSS
Exploits: 13
securityvulns
added 2014/02/10 12:0 a.m. | 22 views

Netgear D6300B routers backdoor

Specially crafted network packet activates root level telnet access...

5.2 AI score
Exploits: 0 | References: 1
securityvulns
added 2014/02/10 12:0 a.m. | 70 views

[USN-2098-1] LibYAML vulnerability

========================================================================== Ubuntu Security Notice USN-2098-1 February 04, 2014 libyaml vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.8 CVSS | 0.3 AI score | 0.0806 EPSS
Exploits: 0
securityvulns
added 2014/02/10 12:0 a.m. | 45 views

Security Advisory: NETGEAR Router D6300B Firmware: V1.0.0.14_1.0.14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory ID: SYSS-2013-001 Product: NETGEAR Router D6300B / Firmware: V1.0.0.141.0.14 latest Vendor: Netgear Affected Versions: until V1.0.0.141.0.14 latest Tested Versions: V1.0.0.141.0.14 latest Vulnerability Type: Root-Shell, OS Command Injection,...

0.1 AI score
Exploits: 0
securityvulns
added 2014/02/10 12:0 a.m. | 31 views

Sophos antivirus weak permissions

Weak permissions for system objects...

5.6 CVSS | 2.1 AI score | 0.00082 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2014/02/10 12:0 a.m. | 101 views

Information on recently-fixed Oracle VM VirtualBox vulnerabilities

Hi there, Recently I found a few vulnerabilities in Oracle VM VirtualBox, the open-source virtualization product. These have already been reported to the project, fixed and disclosed in the form of the recent January 2014 Oracle Critical Patch Update at...

3.5 CVSS | 0.1 AI score | 0.00076 EPSS
Exploits: 0
securityvulns
added 2014/02/10 12:0 a.m. | 47 views

perl Locale::Maketext code execution

It's possible to call external functions on template compilation...

7.5 CVSS | 2.5 AI score | 0.81971 EPSS
Exploits: 13 | References: 1 | Affected Software: 1
securityvulns
added 2014/02/10 12:0 a.m. | 26 views

Asus routers authentication bypass

AiCloud authentication bypass...

4.2 AI score
Exploits: 0 | References: 1
securityvulns
added 2014/02/10 12:0 a.m. | 33 views

libgadu / libpurple / Pidgin multiple security vulnerabilities

Buffer overflow on libgadu protocol parsing. Yahoo!, XMPP, MSN, HTTP, STUN, IRC protocols and URL parsing DoS. HTTP, SIMPLE protocols and MXit emoticons parsing memory corruptions...

10 CVSS | 2.4 AI score | 0.38978 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
securityvulns
added 2014/02/10 12:0 a.m. | 133 views

Inteno DG301 Command Injection

Background According to the vendor, Inteno DG301 is a high-end Multi-WAN residential gateway with advanced router and bridge functions. 2. Summary Inteno DG301 Powered by LuCI Trunk inteno-1.0.34 and OpenWrt Backfire 10.03.1-RC6 is vulnerable to command injection, which can be exploited directly...

1 AI score
Exploits: 0
securityvulns
added 2014/02/10 12:0 a.m. | 76 views

[USN-2101-1] libgadu vulnerability

========================================================================== Ubuntu Security Notice USN-2101-1 February 10, 2014 libgadu vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5 CVSS | 0.4 AI score | 0.03908 EPSS
Exploits: 0
securityvulns
added 2014/02/10 12:0 a.m. | 305 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Multiple memory corruptions, cross-site scripting, DoS, information leakage...

10 CVSS | 1.6 AI score | 0.47529 EPSS
Exploits: 16 | Affected Software: 4
securityvulns
added 2014/02/10 12:0 a.m. | 39 views

libav / ffmpeg multiple security vulnerabilities

Vulnerabilities in different demuxers and decoders...

9.3 CVSS | 4 AI score | 0.01375 EPSS
Exploits: 3 | References: 1
securityvulns
added 2014/02/10 12:0 a.m. | 50 views

[SECURITY] [DSA 2855-1] libav security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2855-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 05, 2014 http://www.debian.org/security/faq -...

9.3 CVSS | 1.6 AI score | 0.01375 EPSS
Exploits: 3
securityvulns
added 2014/02/10 12:0 a.m. | 48 views

ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure

ASUS routers, which are enabled with the AiCloud service SSL ports, are vulnerable to bypass of authentication and sensitive file disclosure. This vulnerability has been observed in all firmware versions, though the latest version increases the complexity of the attack. By sending a special craft...

0.9 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 58 views

SimplyShare v1.4 iOS - Multiple Web Vulnerabilities

Document Title: =============== SimplyShare v1.4 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1181 Release Date: ============= 2014-01-28 Vulnerability Laboratory ID VL-ID: ==================================== 1181...

0.3 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 61 views

Joomla! JomSocial component < 3.1.0.1 - Remote code execution

------------------------------------------------------------- Joomla! JomSocial component 3.1.0.1 - Remote code execution ------------------------------------------------------------- == Description == - Software link: http://www.jomsocial.com/ - Affected versions: All versions = 2.6 and 3.1.0.1...

0.3 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 69 views

Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail

These vulnerabilities allow for a complete take over giving full administrative access as well as remote shells on the servers that they are installed on. Each of these suffer from Insecure Direct Object Reference Vulnerabilities. Due to the details of the attack and screen shots, they can be fou...

2.1 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 105 views

SQL Injection in JV Comment Joomla Extension

Advisory ID: HTB23195 Product: JV Comment Joomla Extension Vendor: joomlavi.com Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2, 2014 Vendor Patch: January 14, 2014 Public Disclosure...

4.3 CVSS | 7.8 AI score | 0.00017 EPSS
Exploits: 5
securityvulns
added 2014/02/03 12:0 a.m. | 50 views

Cisco TelePresence devices multiple security vulnerabilities

DoS, code execution...

8.3 CVSS | 2.7 AI score | 0.04042 EPSS
Exploits: 0 | Affected Software: 1
securityvulns
added 2014/02/03 12:0 a.m. | 64 views

Secunia Research: OpenPNE PHP Object Injection Vulnerability

====================================================================== Secunia Research 20/01/2014 OpenPNE PHP Object Injection Vulnerability ====================================================================== Table of Contents Affected...

7.5 CVSS | 1.2 AI score | 0.00675 EPSS
Exploits: 2
securityvulns
added 2014/02/03 12:0 a.m. | 155 views

SiteCore XML Control Script Insertion

Hey All, Sitecores “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack – more can be achieved with these XML Controls and will be documented in another vulnerability report http://target/?xmlcontrol=body20onload=alert123...

6.6 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 35 views

Citrix GoToMeeting information leakage

Information leakage via logs...

5 CVSS | 2.7 AI score | 0.07883 EPSS
Exploits: 3 | References: 1 | Affected Software: 1
securityvulns
added 2014/02/03 12:0 a.m. | 165 views

Code Execution vulnerability in Contact Form 7 for WordPress

Hello 3APA3A! I want to inform you about vulnerability in Contact Form 7 plugin for WordPress. This is Code Execution via Arbitrary File Uploading vulnerability. ------------------------- Affected products: ------------------------- Vulnerable are Contact Form 7 3.5.2 and previous versions. After...

1.6 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 78 views

Vulnerabilities in Contact Form 7 for WordPress

Hello 3APA3A! I want to inform you about vulnerabilities in Contact Form 7 plugin for WordPress. These are Code Execution via Arbitrary File Uploading vulnerabilities two attack vectors. This is addition to previous Code Execution vulnerability in Contact Form 7...

0.4 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 63 views

Security Vulnerabilities in Apache Cordova / PhoneGap

The following email was sent to Apache Cordova/PhoneGap on 12/13/2013, and again on 1/17/2014. As there has been no response, we are re-posting it here to alert the general public of the inherent vulnerabilities in Apache Cordova/PhoneGap. Dear PhoneGap contributors, PhoneGap’s domain whitelistin...

0.2 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 69 views

SEC Consult SA-20140122-0 :: Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)

SEC Consult Vulnerability Lab Security Advisory 20140122-0 ======================================================================= title: Multiple critical vulnerabilities product: T-Mobile HOME NET Router LTE / Huawei B593u-12 vulnerable version: V100R001C54SP063 T-Mobile Austria fixed version:...

0.5 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 72 views

[CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module

Advisory ID: hag2014101 Product: EventCalendar Vendor: Drupal Vulnerable Versions: Drupal 7.14 and probably newer version Tested Version: Drupal 7.14 Advisory Publication: January 23, 2014 Vendor Notification: November 20, 2013 Public Disclosure: January 23, 2014 Vulnerability Type: Cross-Site...

4.3 CVSS | 0.1 AI score | 0.00565 EPSS
Exploits: 2
securityvulns
added 2014/02/03 12:0 a.m. | 56 views

Ektron CMS Take Over - Hijacking Accounts

I have detailed a vulnerability within Ektron CMS that allows an unauthenticated user to hijack any account. The clear targets of choice for this CMS would be the builtin or admin account. Whilst I found this issue back in 2012, it appears that around 65 are still vulnerable and should be patchin...

1 AI score
Exploits: 0
securityvulns
added 2014/02/03 12:0 a.m. | 38 views

perl-Proc-Daemon weak permissions

Weak pid file permissions...

7.2 CVSS | 1.4 AI score | 0.00036 EPSS
Exploits: 0 | References: 1
securityvulns
added 2014/02/03 12:0 a.m. | 29 views

SimplyShare multiple security vulnerabilities

Multiple built-in web server vulnerabilities...

1.7 AI score
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2014/02/03 12:0 a.m. | 26 views

T-Mobile HOME NET routers multiple security vulnerabilities

Privilege escalation, code execution, directory traversal, CSRF...

3.9 AI score
Exploits: 0 | References: 1
securityvulns
added 2014/02/03 12:0 a.m. | 84 views

Cross-Site Scripting (XSS) in Komento Joomla Extension

Advisory ID: HTB23194 Product: Komento Joomla Extension Vendor: Stack Ideas Sdn Bhd. Vulnerable Versions: 1.7.2 and probably prior Tested Version: 1.7.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2, 2014 Vendor Patch: January 2, 2014 Public...

4.3 CVSS | 0.00734 EPSS
Exploits: 5

Total number of security vulnerabilities: 47153