47153 matches found

securityvulns
added 2014/02/03 12:0 a.m., 70 views

[SECURITY] [DSA 2847-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2847-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 20, 2014 http://www.debian.org/security/faq -...

7.5 CVSS, 0.3 AI score, 0.01526 EPSS
Exploits: 0

securityvulns
added 2014/02/03 12:0 a.m., 67 views

Security Vulnerabilities in Apache Cordova / PhoneGap

The following email was sent to Apache Cordova/PhoneGap on 12/13/2013, and again on 1/17/2014. As there has been no response, we are re-posting it here to alert the general public of the inherent vulnerabilities in Apache Cordova/PhoneGap. Dear PhoneGap contributors, PhoneGap’s domain whitelistin...

0.2 AI score
Exploits: 0

securityvulns
added 2014/02/03 12:0 a.m., 66 views

Secunia Research: OpenPNE PHP Object Injection Vulnerability

====================================================================== Secunia Research 20/01/2014 OpenPNE PHP Object Injection Vulnerability ====================================================================== Table of Contents Affected...

7.5 CVSS, 1.2 AI score, 0.01527 EPSS
Exploits: 2

securityvulns
added 2014/02/03 12:0 a.m., 39 views

perl-Proc-Daemon weak permissions

Weak pid file permissions...

7.2 CVSS, 1.4 AI score, 0.00379 EPSS
Exploits: 0, References: 1

securityvulns
added 2014/02/03 12:0 a.m., 89 views

[ MDVSA-2014:021 ] perl-Proc-Daemon

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:021 http://www.mandriva.com/en/support/security/ Package : perl-Proc-Daemon Date : January 24, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated perl-Proc-Daemon package...

7.2 CVSS, 6.1 AI score, 0.00379 EPSS
Exploits: 0

securityvulns
added 2014/02/03 12:0 a.m., 29 views

SimplyShare multiple security vulnerabilities

Multiple built-in web server vulnerabilities...

1.7 AI score
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/02/03 12:0 a.m., 72 views

Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail

These vulnerabilities allow for a complete take over giving full administrative access as well as remote shells on the servers that they are installed on. Each of these suffer from Insecure Direct Object Reference Vulnerabilities. Due to the details of the attack and screen shots, they can be fou...

2.1 AI score
Exploits: 0

securityvulns
added 2014/02/03 12:0 a.m., 84 views

[CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7

Advisory Information Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-6235 CVSS v2 Base Score:...

4.3 CVSS, 0.02232 EPSS
Exploits: 2

securityvulns
added 2014/02/03 12:0 a.m., 81 views

[CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module

Advisory ID: hag2014101 Product: EventCalendar Vendor: Drupal Vulnerable Versions: Drupal 7.14 and probably newer version Tested Version: Drupal 7.14 Advisory Publication: January 23, 2014 Vendor Notification: November 20, 2013 Public Disclosure: January 23, 2014 Vulnerability Type: Cross-Site...

4.3 CVSS, 0.1 AI score, 0.02541 EPSS
Exploits: 2

securityvulns
added 2014/02/03 12:0 a.m., 61 views

SimplyShare v1.4 iOS - Multiple Web Vulnerabilities

Document Title: =============== SimplyShare v1.4 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1181 Release Date: ============= 2014-01-28 Vulnerability Laboratory ID VL-ID: ==================================== 1181...

0.3 AI score
Exploits: 0

securityvulns
added 2014/02/01 12:0 a.m., 29 views

libotr downgrade attacks

It's possible to downgrade protocol to 1st version...

4.6 AI score
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/02/01 12:0 a.m., 93 views

[SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service

Hello All, Those concerned about security of Java PaaS Platform as a Service or cloud services in general might find the following information interesting. Security Explorations discovered multiple security vulnerabilities in the environment of Oracle 1 Java Cloud Service 2. Among a total of 28...

0.2 AI score
Exploits: 0

securityvulns
added 2014/02/01 12:0 a.m., 46 views

QEMU / Xen multiple security vulnerabilities

DoS, privilege escalation...

6 CVSS, 2.8 AI score, 0.00585 EPSS
Exploits: 0, References: 1, Affected Software: 2

securityvulns
added 2014/02/01 12:0 a.m., 26 views

Mozilla Thunderbird code execution

It's possible to execute javascript via object tag...

3.4 AI score
Exploits: 0, References: 1

securityvulns
added 2014/02/01 12:0 a.m., 58 views

[USN-2096-1] Linux kernel vulnerability

========================================================================== Ubuntu Security Notice USN-2096-1 January 31, 2014 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.9 CVSS, 0.2 AI score, 0.34649 EPSS
Exploits: 16

securityvulns
added 2014/02/01 12:0 a.m., 43 views

[USN-2091-1] OTR vulnerabilities

========================================================================== Ubuntu Security Notice USN-2091-1 January 29, 2014 libotr vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

0.1 AI score
Exploits: 0

securityvulns
added 2014/02/01 12:0 a.m., 76 views

[USN-2092-1] QEMU vulnerabilities

========================================================================== Ubuntu Security Notice USN-2092-1 January 30, 2014 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

6 CVSS, 0.1 AI score, 0.00585 EPSS
Exploits: 0

securityvulns
added 2014/02/01 12:0 a.m., 119 views

Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability

Document Title: =============== Mozilla Bug Bounty 5 - WireTap Remote Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking ID: 875818 Video: http://www.vulnerability-lab.com/getcontent.php?id=1182 Partner News...

0.3 AI score
Exploits: 0

securityvulns
added 2014/02/01 12:0 a.m., 113 views

[SECURITY] [DSA 2849-1] curl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2849-1 [email protected] http://www.debian.org/security/ Florian Weimer January 31, 2014 http://www.debian.org/security/faq -...

4 CVSS, 1.3 AI score, 0.05599 EPSS
Exploits: 1

securityvulns
added 2014/01/29 12:0 a.m., 93 views

APPLE-SA-2014-01-22-1 iTunes 11.1.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-01-22-1 iTunes 11.1.4 iTunes 11.1.4 is now available and addresses the following: iTunes Available for: Mac OS X v10.6.8 or later, Windows 8, Windows 7, Vista, XP SP2 or later Impact: An attacker with a privileged network position may...

7.5 CVSS, 0.4 AI score, 0.11999 EPSS
Exploits: 1

securityvulns
added 2014/01/29 12:0 a.m., 115 views

Apple iTunes multiple security vulnerabilities

Multiple vulnerabilities on different formats parsing...

7.5 CVSS, 3 AI score, 0.11999 EPSS
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2014/01/29 12:0 a.m., 58 views

memcached multiple security vulnerabilities

Authentication bypass if SASL is used, few DoS conditions...

4.8 CVSS, 2.3 AI score, 0.01498 EPSS
Exploits: 3, References: 2, Affected Software: 1

securityvulns
added 2014/01/29 12:0 a.m., 36 views

elinks SSL vulnerability

User is not warned on certificate problems...

1.8 AI score
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/01/29 12:0 a.m., 45 views

[ MDVSA-2014:009 ] librsvg

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:009 http://www.mandriva.com/en/support/security/ Package : librsvg Date : January 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated librsvg and gtk+3.0 packages fix...

4.3 CVSS, 6.3 AI score, 0.03197 EPSS
Exploits: 0

securityvulns
added 2014/01/29 12:0 a.m., 61 views

[SECURITY] [DSA 2846-1] libvirt security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2846-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 17, 2014 http://www.debian.org/security/faq -...

6.8 CVSS, 1.3 AI score, 0.02343 EPSS
Exploits: 0

securityvulns
added 2014/01/29 12:0 a.m., 35 views

libvirt security vulnerabilities

Few DoS conditions...

6.8 CVSS, 2.5 AI score, 0.02343 EPSS
Exploits: 0, References: 1

securityvulns
added 2014/01/29 12:0 a.m., 29 views

libsvg information leakage

Information leakage via external entities...

4.3 CVSS, 2.7 AI score, 0.03197 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/01/29 12:0 a.m., 54 views

[ MDVSA-2014:008 ] openjpeg

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:008 http://www.mandriva.com/en/support/security/ Package : openjpeg Date : January 17, 2014 Affected: Business Server 1.0 Problem Description: Updated openjpeg package fixes security vulnerabilities: Multipl...

7.5 CVSS, 8.9 AI score, 0.05515 EPSS
Exploits: 0

securityvulns
added 2014/01/29 12:0 a.m., 44 views

OpenJPEG library multiple security vulnerabilities

Memory corruptions, buffer overflows, information leakage...

7.5 CVSS, 3.4 AI score, 0.05515 EPSS
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2014/01/29 12:0 a.m., 34 views

[ MDVSA-2014:019 ] elinks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:019 http://www.mandriva.com/en/support/security/ Package : elinks Date : January 22, 2014 Affected: Business Server 1.0 Problem Description: Updated elinks package fixes security vulnerability: When verifyin...

7.2 AI score
Exploits: 0

securityvulns
added 2014/01/29 12:0 a.m., 46 views

PHP DoS

Crash on parsing date intervals...

5 CVSS, 2.2 AI score, 0.04575 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/01/29 12:0 a.m., 124 views

[ MDVSA-2014:010 ] memcached

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:010 http://www.mandriva.com/en/support/security/ Package : memcached Date : January 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been...

4.8 CVSS, 9 AI score, 0.01498 EPSS
Exploits: 3

securityvulns
added 2014/01/29 12:0 a.m., 59 views

[FFRRA-20131213] Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20

FFRI, Inc. Security Advisory Crafted packet can cause denial of service on Juniper SSG20 2014/01/14 === Summary === Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20 === Severity === Middle === Affected Products === Juniper SSG20 Screen OS Firmware Version 6.1.0r5.0 ===...

7.1 CVSS, 6.1 AI score, 0.01881 EPSS
Exploits: 1

securityvulns
added 2014/01/29 12:0 a.m., 32 views

Juniper SSG20 DoS

Crash on ICMP packet processing...

7.1 CVSS, 3 AI score, 0.01881 EPSS
Exploits: 1, References: 1

securityvulns
added 2014/01/29 12:0 a.m., 70 views

[ MDVSA-2014:022 ] augeas

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:022 http://www.mandriva.com/en/support/security/ Package : augeas Date : January 24, 2014 Affected: Business Server 1.0 Problem Description: Updated augeas packages fix security vulnerabilities: Multiple fla...

4.6 CVSS, 5.9 AI score, 0.00446 EPSS
Exploits: 1

securityvulns
added 2014/01/29 12:0 a.m., 43 views

Augeas multiple security vulnerabilities

Weak permissions, symbolic links vulnerabilities...

4.6 CVSS, 2.1 AI score, 0.00446 EPSS
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2014/01/29 12:0 a.m., 39 views

Mozilla NSS SSL connection spoofing

Invalid TLS False Start feature implementation...

5.8 CVSS, 1.9 AI score, 0.01929 EPSS
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2014/01/29 12:0 a.m., 72 views

[USN-2088-1] NSS vulnerability

========================================================================== Ubuntu Security Notice USN-2088-1 January 23, 2014 nss vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

5.8 CVSS, 6.2 AI score, 0.01929 EPSS
Exploits: 1

securityvulns
added 2014/01/29 12:0 a.m., 208 views

[ MDVSA-2014:014 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:014 http://www.mandriva.com/en/support/security/ Package : php Date : January 21, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in php: Th...

7.5 CVSS, 7.3 AI score, 0.35635 EPSS
Exploits: 12

securityvulns
added 2014/01/19 12:0 a.m., 55 views

[ MDVSA-2014:006 ] libxslt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:006 http://www.mandriva.com/en/support/security/ Package : libxslt Date : January 16, 2014 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in ejabberd:...

5 CVSS, 7.6 AI score, 0.02363 EPSS
Exploits: 1

securityvulns
added 2014/01/19 12:0 a.m., 55 views

cups information leakage

lppasswd allows reading information from local files...

1.2 CVSS, 1.6 AI score, 0.00446 EPSS
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2014/01/19 12:0 a.m., 58 views

[USN-2082-1] CUPS vulnerability

========================================================================== Ubuntu Security Notice USN-2082-1 January 15, 2014 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

1.2 CVSS, 0.2 AI score, 0.00446 EPSS
Exploits: 1

securityvulns
added 2014/01/19 12:0 a.m., 35 views

Cisco Secure Access Control System multiple security vulnerabilities

Unauthorized access, command injection...

10 CVSS, 3.1 AI score, 0.05929 EPSS
Exploits: 0, Affected Software: 1

securityvulns
added 2014/01/19 12:0 a.m., 56 views

[SECURITY] [DSA 2841-1] movabletype-opensource security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2841-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 11, 2014 http://www.debian.org/security/faq -...

4.3 CVSS, 1.9 AI score, 0.02441 EPSS
Exploits: 0

securityvulns
added 2014/01/19 12:0 a.m., 154 views

[ MDVSA-2014:004 ] nagios

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:004 http://www.mandriva.com/en/support/security/ Package : nagios Date : January 16, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovere...

6.4 CVSS, 7.9 AI score, 0.59546 EPSS
Exploits: 0

securityvulns
added 2014/01/19 12:0 a.m., 55 views

FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:01.bsnmpd Security Advisory The FreeBSD Project Topic: bsnmpd remote denial of service vulnerability Category: contrib Module: bsnmp Announced: 2014-01-14...

5.8 CVSS, 7.4 AI score, 0.01894 EPSS
Exploits: 1

securityvulns
added 2014/01/19 12:0 a.m., 107 views

SQL Injection in Sexy Polling Joomla Extension

Advisory ID: HTB23193 Product: Sexy Polling Joomla Extension Vendor: 2GLux Vulnerable Versions: 1.0.8 and probably prior Tested Version: 1.0.8 Advisory Publication: December 26, 2013 without technical details Vendor Notification: December 26, 2013 Vendor Patch: January 8, 2014 Public Disclosure:...

7.5 CVSS, 8.1 AI score, 0.02358 EPSS
Exploits: 3

securityvulns
added 2014/01/19 12:0 a.m., 73 views

CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...

5.8 CVSS, 6.4 AI score, 0.02361 EPSS
Exploits: 1

securityvulns
added 2014/01/19 12:0 a.m., 40 views

libxslt DoS

Crash on XSLT documents parsing...

5 CVSS, 2.7 AI score, 0.0446 EPSS
Exploits: 2, References: 2, Affected Software: 1

securityvulns
added 2014/01/19 12:0 a.m., 90 views

CVE-2013-6430 Possible XSS when using Spring MVC

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...

5.8 CVSS, 6.4 AI score, 0.03198 EPSS
Exploits: 1

Total number of security vulnerabilities: 47153