Lucene search
Securityvulns | Recent

47153 matches found

securityvulns
added 2014/01/19 12:0 a.m. | 86 views

CVE-2013-6430 Possible XSS when using Spring MVC

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...

5.8 CVSS | 6.4 AI score | 0.05344 EPSS
Exploits: 1

securityvulns
added 2014/01/19 12:0 a.m. | 52 views

FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:01.bsnmpd Security Advisory The FreeBSD Project Topic: bsnmpd remote denial of service vulnerability Category: contrib Module: bsnmp Announced: 2014-01-14...

5.8 CVSS | 7.4 AI score | 0.0062 EPSS
Exploits: 1

securityvulns
added 2014/01/19 12:0 a.m. | 35 views

Cisco Secure Access Control System multiple security vulnerabilities

Unauthorized access, command injection...

10 CVSS | 3.1 AI score | 0.07117 EPSS
Exploits: 0 | Affected Software: 1

securityvulns
added 2014/01/19 12:0 a.m. | 153 views

[ MDVSA-2014:004 ] nagios

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:004 http://www.mandriva.com/en/support/security/ Package : nagios Date : January 16, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovere...

6.4 CVSS | 7.9 AI score | 0.48577 EPSS
Exploits: 0

securityvulns
added 2014/01/19 12:0 a.m. | 53 views

[ MDVSA-2014:006 ] libxslt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:006 http://www.mandriva.com/en/support/security/ Package : libxslt Date : January 16, 2014 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in ejabberd:...

5 CVSS | 7.6 AI score | 0.01505 EPSS
Exploits: 1

securityvulns
added 2014/01/19 12:0 a.m. | 101 views

SQL Injection in Sexy Polling Joomla Extension

Advisory ID: HTB23193 Product: Sexy Polling Joomla Extension Vendor: 2GLux Vulnerable Versions: 1.0.8 and probably prior Tested Version: 1.0.8 Advisory Publication: December 26, 2013 without technical details Vendor Notification: December 26, 2013 Vendor Patch: January 8, 2014 Public Disclosure:...

7.5 CVSS | 8.1 AI score | 0.00224 EPSS
Exploits: 3

securityvulns
added 2014/01/19 12:0 a.m. | 93 views

CVE-2013-6429 Fix for XML External Entity (XXE) injection (CVE-2013-4152) in Spring Framework was incomplete

Severity: Important Vendor: Spring by Pivotal Versions Affected: - Spring MVC 3.0.0 to 3.2.4 - Spring MVC 4.0.0.M1-4.0.0.RC1 - Earlier unsupported versions may be affected Description: Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external...

6.8 CVSS | 0.5 AI score | 0.67951 EPSS
Exploits: 1

securityvulns
added 2014/01/19 12:0 a.m. | 59 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

7.5 CVSS | 1.6 AI score | 0.67951 EPSS
Exploits: 6 | References: 7 | Affected Software: 7

securityvulns
added 2014/01/19 12:0 a.m. | 83 views

Open-Xchange Security Advisory 2014-01-17

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30357 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.1 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev29, 7.4.0-rev24,...

4.3 CVSS | 0.4 AI score | 0.00454 EPSS
Exploits: 0

securityvulns
added 2014/01/15 12:0 a.m. | 45 views

graphviz buffer overflow

Buffer overflow on file parsing...

10 CVSS | 4.9 AI score | 0.07859 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

securityvulns
added 2014/01/15 12:0 a.m. | 32 views

Microsoft Dynamics AX DoS

Query filter hangs on request processing...

4 CVSS | 1.2 AI score | 0.13262 EPSS
Exploits: 0 | Affected Software: 1

securityvulns
added 2014/01/15 12:0 a.m. | 71 views

[SECURITY] [DSA 2843-1] graphviz security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2843-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 13, 2014 http://www.debian.org/security/faq -...

10 CVSS | 2.5 AI score | 0.07859 EPSS
Exploits: 2

securityvulns
added 2014/01/15 12:0 a.m. | 47 views

Microsoft Office multiple security vulnerabilities

Multiple memory corruptions on Microsoft Word documents parsing...

9.3 CVSS | 3.2 AI score | 0.37235 EPSS
Exploits: 3 | Affected Software: 1

securityvulns
added 2014/01/15 12:0 a.m. | 49 views

Microsoft Windows security vulnerabilities

Privilege escalations via NDProxy and win32k...

7.2 CVSS | 4 AI score | 0.72982 EPSS
Exploits: 16 | Affected Software: 1

securityvulns
added 2014/01/14 12:0 a.m. | 48 views

Cisco routers backdoor

Undocumented test interface...

10 CVSS | 3.5 AI score | 0.65604 EPSS
Exploits: 3

securityvulns
added 2014/01/14 12:0 a.m. | 233 views

NETGEAR WNR1000v3 Password Recovery Vulnerability

Description: Newer firmware versions of the NETGEAR N150 WNR1000v3 wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability allows an attacker to recover the router's plaintext Administrator credentials and subsequently gain full access to the device. This...

0.2 AI score
Exploits: 0

securityvulns
added 2014/01/14 12:0 a.m. | 58 views

Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users

Issued: January 9, 2014 Updated: January 10, 2014 CVE-2014-0031 CloudStack ListNetworkACL API discloses ACLs for other users Product: Apache CloudStack Vendor: Apache Software Foundation Vulnerability type: Information Disclosure Vulnerable Versions: Apache CloudStack 4.2.0 CVE References:...

4 CVSS | 0.8 AI score | 0.00323 EPSS
Exploits: 0

securityvulns
added 2014/01/14 12:0 a.m. | 44 views

ISC bind DoS

Crash on parsing malformed request to NSEC3-signed zone...

2.6 CVSS | 2 AI score | 0.51542 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2014/01/14 12:0 a.m. | 74 views

[SECURITY] [DSA 2840-1] srtp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2840-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2014 http://www.debian.org/security/faq -...

2.6 CVSS | 1.5 AI score | 0.01807 EPSS
Exploits: 0

securityvulns
added 2014/01/14 12:0 a.m. | 20 views

Netgear routers unauthorized password reset

Bug in password recovery logic...

3 AI score
Exploits: 0 | References: 1

securityvulns
added 2014/01/14 12:0 a.m. | 163 views

TA14-013A: NTP Amplification Attacks Using CVE-2013-5211

NCCIC / US-CERT National Cyber Awareness System: TA14-013A: NTP Amplification Attacks Using CVE-2013-5211 01/13/2014 05:51 PM EST Original release date: January 13, 2014 | Last revised: January 14, 2014 Systems Affected NTP servers Overview A Network Time Protocol NTP Amplification attack is an...

5 CVSS | 1.3 AI score | 0.92136 EPSS
Exploits: 23

securityvulns
added 2014/01/14 12:0 a.m. | 47 views

Lorex DVR ActiveX buffer overflow

INetViewX control buffer overflow...

10 CVSS | 4.1 AI score | 0.23197 EPSS
Exploits: 4 | References: 1

securityvulns
added 2014/01/14 12:0 a.m. | 29 views

Apache CloudStack security vulnerabilities

Protection bypass, information leakage...

4 CVSS | 2.3 AI score | 0.00989 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2014/01/14 12:0 a.m. | 64 views

ntp traffic amplification

monlist ntp feature is used in-the-wild for traffic amplification...

5 CVSS | 1.4 AI score | 0.92136 EPSS
Exploits: 23 | References: 2 | Affected Software: 1

securityvulns
added 2014/01/14 12:0 a.m. | 62 views

[ MDVSA-2014:001 ] kernel

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:001 http://www.mandriva.com/en/support/security/ Package : kernel Date : January 13, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been found and corrected in the Linux...

7.2 CVSS | 7.9 AI score | 0.00564 EPSS
Exploits: 5

securityvulns
added 2014/01/14 12:0 a.m. | 44 views

[CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow

Hi, I have discovered a buffer overflow vulnerability that allows remote code execution in an ActiveX control bundled by a manufacturer of video surveillance systems. The company is Lorex Technologies, a major video surveillance manufacturer that is very popular in the US and East Asia. Their...

10 CVSS | 7 AI score | 0.23197 EPSS
Exploits: 4

securityvulns
added 2014/01/14 12:0 a.m. | 70 views

[security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04084148 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04084148 Version: 1 HPSBUX02960...

5 CVSS | 0.9 AI score | 0.92136 EPSS
Exploits: 23

securityvulns
added 2014/01/14 12:0 a.m. | 35 views

Cisco srtp library buffer overflow

crypto_policy_set_from_profile_for_rtp function buffer overflow...

2.6 CVSS | 3.7 AI score | 0.01807 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/01/14 12:0 a.m. | 81 views

Updated [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access

Issued: November 27, 2013 Updated: January 10, 2014 CVE-2013-6398 CloudStack Virtual Router stop/start modifies firewall rules allowing additional access Product: Apache CloudStack Vendor: Apache Software Foundation Vulnerability type: Bypass Vulnerable Versions: Apache CloudStack 4.1.0, 4.1.1,...

4.3 CVSS | 1 AI score | 0.06724 EPSS
Exploits: 1

securityvulns
added 2014/01/14 12:0 a.m. | 67 views

[USN-2081-1] Bind vulnerability

========================================================================== Ubuntu Security Notice USN-2081-1 January 13, 2014 bind9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

2.6 CVSS | 0.1 AI score | 0.51542 EPSS
Exploits: 1

securityvulns
added 2014/01/13 12:0 a.m. | 83 views

[CVE-2013-7204] CSRF in Conceptronic IP Camera (CIPCAMPTIWL)

Hello List, Here I inform you about an easily exploitable CSRF discovered in Conceptronic cameras CIPCAMPTIWL. General Details Affected Product: Conceptronic camera CIPCAMPTIWL Tested Firmware: 21.37.2.49 Tested Web UI Firmware: 0.61.4.18 Assigned CVE: CVE-2013-7204 CVSSv2 Base Score: 5.8...

6.8 CVSS | 0.0119 EPSS
Exploits: 5

securityvulns
added 2014/01/13 12:0 a.m. | 37 views

Conceptronic IP cameras CSRF

Web interface cross-site request forgery...

6.8 CVSS | 2 AI score | 0.0119 EPSS
Exploits: 5 | References: 1

securityvulns
added 2014/01/09 12:0 a.m. | 19 views

Android sandbox bypassing

It's possible to bypass sandbox restrictions via android.app.Fragment...

3.7 AI score
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/01/09 12:0 a.m. | 46 views

CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ IcoFX Buffer Overflow Vulnerability 1. Advisory Information Title: IcoFX Buffer Overflow Vulnerability Advisory ID: CORE-2013-1107 Advisory URL: http://www.coresecurity.com/advisories/icofx-buffer-overflow-vulnerability Date...

9.3 CVSS | 0.80555 EPSS
Exploits: 14

securityvulns
added 2014/01/09 12:0 a.m. | 61 views

[SECURITY] [DSA 2834-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2834-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 01, 2014 http://www.debian.org/security/faq -...

6.5 CVSS | 1.6 AI score | 0.00486 EPSS
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m. | 112 views

[ MDVSA-2013:288 ] subversion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:288 http://www.mandriva.com/en/support/security/ Package : subversion Date : December 17, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated subversion package fixes...

3.5 CVSS | 8.5 AI score | 0.01783 EPSS
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m. | 66 views

Multiple Vulnerabilities in Horizon QCMS

Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...

7.5 CVSS | 8 AI score | 0.00332 EPSS
Exploits: 9

securityvulns
added 2014/01/09 12:0 a.m. | 51 views

[CVE-2013-2764] Secure Entry Server - URL Redirection

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Secure Entry Server SES Vendor: United Security Providers Ltd. CSNC ID: CSNC-2013-008 CVD ID: CVE-2013-2764 Subject: URL Redirection Risk: High Effect: Remotely exploitable Author: Alexandre Herzog...

0.00298 EPSS
Exploits: 1

securityvulns
added 2014/01/09 12:0 a.m. | 42 views

IBM Lotus Notes Traveler security vulnerabilities

Cross-site scripting, CSRF...

5.8 CVSS | 1.6 AI score | 0.00236 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2014/01/09 12:0 a.m. | 59 views

[SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting

SOJOBO-ADV-13-05 - Vtiger 5.4.0 Reflected Cross Site Scripting I. Information ================== Name : Vtiger 5.4.0 Reflected Cross Site Scripting Software : Vtiger 5.4.0 and possibly below. Vendor Homepage : https://www.vtiger.com/ Vulnerability Type : Reflected Cross-Site Scripting Severity :...

7.2 AI score
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m. | 57 views

URL Redirector Abuse and XSS vulnerabilities in WordPress

Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...

Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m. | 40 views

[CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup)

Evernote Android Insecure Password Change one-click setup Product: Evernote Android Project Homepage: evernote.com Internal Advisory ID: c22-2013-05 Vulnerable Versions: Android version 5.5.0 and prior Tested Version: Android 5.x Android 4.2/4.3 Vendor Notification: Aug 13, 2013 Public Disclosure...

1.2 AI score | 0.00087 EPSS
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m. | 48 views

Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin

Advisory ID: HTB23188 Product: AskApache Firefox Adsense Wordpress plugin Vendor: AskApache Vulnerable Versions: 3.0 and probably prior Tested Version: 3.0 Advisory Publication: December 5, 2013 without technical details Vendor Notification: December 5, 2013 Public Disclosure: December 26, 2013...

6.8 CVSS | 6.8 AI score | 0.00137 EPSS
Exploits: 4

securityvulns
added 2014/01/09 12:0 a.m. | 113 views

CSRF, XSS and Redirector vulnerabilities in IBM Lotus Notes Traveler

Hello 3APA3A! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Notes Traveler. They are similar to CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino http://securityvulns.ru/docs29060.html, which I announced at 19.05.2012 and disclos...

5.8 CVSS | 0.2 AI score | 0.00236 EPSS
Exploits: 1

securityvulns
added 2014/01/09 12:0 a.m. | 38 views

IBM Web Content Manager information leakage

It's possible to obtain configuration data...

5 CVSS | 1.5 AI score | 0.01255 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

securityvulns
added 2014/01/09 12:0 a.m. | 66 views

LiveZilla 5.1.2.0 PHP Object Injection

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7034 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

7.5 CVSS | 0.8 AI score | 0.00703 EPSS
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m. | 112 views

LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7032 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

4.3 CVSS | 0.9 AI score | 0.00256 EPSS
Exploits: 2

securityvulns
added 2014/01/09 12:0 a.m. | 62 views

LiveZilla 5.1.1.0 Stored XSS in operator clients

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

4.3 CVSS | 1.1 AI score | 0.00256 EPSS
Exploits: 2

securityvulns
added 2014/01/09 12:0 a.m. | 23 views

ATI video drivers DoS

Video driver vulnerability leads to system crash. Browser flash plugin may be used as an attack vector...

4.1 AI score
Exploits: 0 | References: 1

securityvulns
added 2014/01/09 12:0 a.m. | 43 views

Android Fragment Injection vulnerability

Hi, We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings the one that is found on every Android device, Gmail, Google Now, Dropbox and Evernote. To be more accurate, any App which extended the PreferenceActivity clas...

0.1 AI score
Exploits: 0

Total number of security vulnerabilities: 47153