securityvulns: recent entries (47153 matches found)

securityvulns | added 2014/01/19 | 55 views

[CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application

Title: CVE-2014-0647 Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application Published: January 13, 2014 Reported to Vendor: December 2013 no direct response CVE Reference: CVE-2014-0647 Credit: This issue was discovered by Daniel E. Wood...

CVSS 2.1 | AI score 0.1 | EPSS 0.0038 | Exploits: 1

securityvulns | added 2014/01/19 | 96 views

CVE-2013-6429 Fix for XML External Entity (XXE) injection (CVE-2013-4152) in Spring Framework was incomplete

Severity: Important Vendor: Spring by Pivotal Versions Affected: - Spring MVC 3.0.0 to 3.2.4 - Spring MVC 4.0.0.M1-4.0.0.RC1 - Earlier unsupported versions may be affected Description: Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external...

CVSS 6.8 | AI score 0.5 | EPSS 0.90455 | Exploits: 1

securityvulns | added 2014/01/19 | 61 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5 | AI score 1.6 | EPSS 0.90455 | Exploits: 6 | References: 7 | Affected software: 7

securityvulns | added 2014/01/19 | 88 views

Open-Xchange Security Advisory 2014-01-17

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30357 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.1 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev29, 7.4.0-rev24,...

CVSS 4.3 | AI score 0.4 | EPSS 0.01792 | Exploits: 0

securityvulns | added 2014/01/19 | 56 views

[ MDVSA-2014:006 ] libxslt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:006 http://www.mandriva.com/en/support/security/ Package : libxslt Date : January 16, 2014 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in ejabberd:...

CVSS 5 | AI score 7.6 | EPSS 0.02363 | Exploits: 1

securityvulns | added 2014/01/19 | 74 views

CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...

CVSS 5.8 | AI score 6.4 | EPSS 0.02361 | Exploits: 1

securityvulns | added 2014/01/19 | 108 views

SQL Injection in Sexy Polling Joomla Extension

Advisory ID: HTB23193 Product: Sexy Polling Joomla Extension Vendor: 2GLux Vulnerable Versions: 1.0.8 and probably prior Tested Version: 1.0.8 Advisory Publication: December 26, 2013 without technical details Vendor Notification: December 26, 2013 Vendor Patch: January 8, 2014 Public Disclosure:...

CVSS 7.5 | AI score 8.1 | EPSS 0.02358 | Exploits: 3

securityvulns | added 2014/01/19 | 155 views

[ MDVSA-2014:004 ] nagios

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:004 http://www.mandriva.com/en/support/security/ Package : nagios Date : January 16, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovere...

CVSS 6.4 | AI score 7.9 | EPSS 0.59546 | Exploits: 0

securityvulns | added 2014/01/19 | 56 views

FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:01.bsnmpd Security Advisory The FreeBSD Project Topic: bsnmpd remote denial of service vulnerability Category: contrib Module: bsnmp Announced: 2014-01-14...

CVSS 5.8 | AI score 7.4 | EPSS 0.01894 | Exploits: 1

securityvulns | added 2014/01/15 | 51 views

Microsoft Windows security vulnerabilities

Privilege escalations via NDProxy and win32k...

CVSS 7.2 | AI score 4 | EPSS 0.34893 | Exploits: 16 | Affected software: 1

securityvulns | added 2014/01/15 | 72 views

[SECURITY] [DSA 2843-1] graphviz security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2843-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 13, 2014 http://www.debian.org/security/faq -...

CVSS 10 | AI score 2.5 | EPSS 0.06082 | Exploits: 2

securityvulns | added 2014/01/15 | 48 views

Microsoft Office multiple security vulnerabilities

Multiple memory corruptions on Microsoft Word documents parsing...

CVSS 9.3 | AI score 3.2 | EPSS 0.17827 | Exploits: 3 | Affected software: 1

securityvulns | added 2014/01/15 | 45 views

graphviz buffer overflow

Buffer overflow on file parsing...

CVSS 10 | AI score 4.9 | EPSS 0.06082 | Exploits: 2 | References: 1 | Affected software: 1

securityvulns | added 2014/01/15 | 33 views

Microsoft Dynamics AX DoS

Query filter hangs on request processing...

CVSS 4 | AI score 1.2 | EPSS 0.10302 | Exploits: 0 | Affected software: 1

securityvulns | added 2014/01/14 | 74 views

[security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04084148 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04084148 Version: 1 HPSBUX02960...

CVSS 5 | AI score 0.9 | EPSS 0.97549 | Exploits: 23

securityvulns | added 2014/01/14 | 35 views

Cisco srtp library buffer overflow

Buffer overflow in the crypto_policy_set_from_profile_for_rtp function...

CVSS 2.6 | AI score 3.7 | EPSS 0.0299 | Exploits: 0 | References: 1 | Affected software: 1

securityvulns | added 2014/01/14 | 64 views

ntp traffic amplification

The NTP monlist feature is being used in the wild for traffic amplification...

CVSS 5 | AI score 1.4 | EPSS 0.97549 | Exploits: 23 | References: 2 | Affected software: 1

securityvulns | added 2014/01/14 | 47 views

Lorex DVR ActiveX buffer overflow

INetViewX control buffer overflow...

CVSS 10 | AI score 4.1 | EPSS 0.29459 | Exploits: 4 | References: 1

securityvulns | added 2014/01/14 | 75 views

[SECURITY] [DSA 2840-1] srtp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2840-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2014 http://www.debian.org/security/faq -...

CVSS 2.6 | AI score 1.5 | EPSS 0.0299 | Exploits: 0

securityvulns | added 2014/01/14 | 29 views

Apache CloudStack security vulnerabilities

Protection bypass, information leakage...

CVSS 4 | AI score 2.3 | EPSS 0.03675 | Exploits: 0 | References: 2 | Affected software: 1

securityvulns | added 2014/01/14 | 65 views

Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users

Issued: January 9, 2014 Updated: January 10, 2014 CVE-2014-0031 CloudStack ListNetworkACL API discloses ACLs for other users Product: Apache CloudStack Vendor: Apache Software Foundation Vulnerability type: Information Disclosure Vulnerable Versions: Apache CloudStack 4.2.0 CVE References:...

CVSS 4 | AI score 0.8 | EPSS 0.02151 | Exploits: 0

securityvulns | added 2014/01/14 | 22 views

Netgear routers unauthorized password reset

Bug in password recovery logic...

AI score 3 | Exploits: 0 | References: 1

securityvulns | added 2014/01/14 | 170 views

TA14-013A: NTP Amplification Attacks Using CVE-2013-5211

NCCIC / US-CERT National Cyber Awareness System: TA14-013A: NTP Amplification Attacks Using CVE-2013-5211 01/13/2014 05:51 PM EST Original release date: January 13, 2014 | Last revised: January 14, 2014 Systems Affected NTP servers Overview A Network Time Protocol NTP Amplification attack is an...

CVSS 5 | AI score 1.3 | EPSS 0.97549 | Exploits: 23

securityvulns | added 2014/01/14 | 68 views

[USN-2081-1] Bind vulnerability

========================================================================== Ubuntu Security Notice USN-2081-1 January 13, 2014 bind9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 2.6 | AI score 0.1 | EPSS 0.31671 | Exploits: 1

securityvulns | added 2014/01/14 | 49 views

Cisco routers backdoor

Undocumented test interface...

CVSS 10 | AI score 3.5 | EPSS 0.73825 | Exploits: 3

securityvulns | added 2014/01/14 | 239 views

NETGEAR WNR1000v3 Password Recovery Vulnerability

Description: Newer firmware versions of the NETGEAR N150 WNR1000v3 wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability allows an attacker to recover the router's plaintext Administrator credentials and subsequently gain full access to the device. This...

AI score 0.2 | Exploits: 0

securityvulns | added 2014/01/14 | 63 views

[ MDVSA-2014:001 ] kernel

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:001 http://www.mandriva.com/en/support/security/ Package : kernel Date : January 13, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been found and corrected in the Linux...

CVSS 7.2 | AI score 7.9 | EPSS 0.01446 | Exploits: 5

securityvulns | added 2014/01/14 | 88 views

Updated [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access

Issued: November 27, 2013 Updated: January 10, 2014 CVE-2013-6398 CloudStack Virtual Router stop/start modifies firewall rules allowing additional access Product: Apache CloudStack Vendor: Apache Software Foundation Vulnerability type: Bypass Vulnerable Versions: Apache CloudStack 4.1.0, 4.1.1,...

CVSS 4.3 | AI score 1 | EPSS 0.04051 | Exploits: 1

securityvulns | added 2014/01/14 | 51 views

[CVE-2014-1201] Lorex security DVR ActiveX control buffer overflow

Hi, I have discovered a buffer overflow vulnerability that allows remote code execution in an ActiveX control bundled by a manufacturer of video surveillance systems. The company is Lorex Technologies, a major video surveillance manufacturer that is very popular in the US and East Asia. Their...

CVSS 10 | AI score 7 | EPSS 0.29459 | Exploits: 4

securityvulns | added 2014/01/14 | 44 views

ISC bind DoS

Crash on parsing malformed request to NSEC3-signed zone...

CVSS 2.6 | AI score 2 | EPSS 0.31671 | Exploits: 1 | References: 1 | Affected software: 1

securityvulns | added 2014/01/13 | 38 views

Conceptronic IP cameras CSRF

Web interface cross-site request forgery...

CVSS 6.8 | AI score 2 | EPSS 0.10595 | Exploits: 5 | References: 1

securityvulns | added 2014/01/13 | 87 views

[CVE-2013-7204] CSRF in Conceptronic IP Camera (CIPCAMPTIWL)

Hello List, Here I inform you about an easily exploitable CSRF discovered in Conceptronic cameras CIPCAMPTIWL. General Details Affected Product: Conceptronic camera CIPCAMPTIWL Tested Firmware: 21.37.2.49 Tested Web UI Firmware: 0.61.4.18 Assigned CVE: CVE-2013-7204 CVSSv2 Base Score: 5.8...

CVSS 6.8 | EPSS 0.10595 | Exploits: 5

securityvulns | added 2014/01/09 | 68 views

Multiple Vulnerabilities in Horizon QCMS

Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...

CVSS 7.5 | AI score 8 | EPSS 0.01859 | Exploits: 9

securityvulns | added 2014/01/09 | 66 views

[CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms

Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-5573 CVSS v2...

CVSS 4.3 | AI score 9.3 | EPSS 0.05406 | Exploits: 5

securityvulns | added 2014/01/09 | 65 views

[ MDVSA-2013:289 ] owncloud

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:289 http://www.mandriva.com/en/support/security/ Package : owncloud Date : December 17, 2013 Affected: Business Server 1.0 Problem Description: Updated owncloud package fixes security vulnerability: Possible...

CVSS 6.8 | AI score 6.2 | EPSS 0.02066 | Exploits: 0

securityvulns | added 2014/01/09 | 122 views

CSRF, XSS and Redirector vulnerabilities in IBM Lotus Notes Traveler

Hello 3APA3A! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Notes Traveler. They are similar to CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino http://securityvulns.ru/docs29060.html, which I announced at 19.05.2012 and disclos...

CVSS 5.8 | AI score 0.2 | EPSS 0.01045 | Exploits: 1

securityvulns | added 2014/01/09 | 52 views

SAMSPADE 1.14 BUFFER OVERFLOW

Exploit Title: SAMSPADE 1.14 BUFFER OVERFLOW Date: 10-12-2013 Exploit Author: VISHAL MISHRA & NIDHI VERMA Vendor Homepage: http://www.samspade.org/ Software Link: http://www.majorgeeks.com/mg/getmirror/samspade,1.html Version: 1.1.4 beta Tested on: WINDOWS XPsp2 TARGET: windows xpsp2...

AI score 2.3 | Exploits: 0

securityvulns | added 2014/01/09 | 73 views

LiveZilla 5.1.2.0 PHP Object Injection

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7034 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

CVSS 7.5 | AI score 0.8 | EPSS 0.01583 | Exploits: 0

securityvulns | added 2014/01/09 | 43 views

CSRF, DoS and IL vulnerabilities in WordPress

Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...

AI score 1 | Exploits: 0

securityvulns | added 2014/01/09 | 49 views

Information Leakage and Backdoor vulnerabilities in WordPress

Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...

AI score 0.8 | Exploits: 0

securityvulns | added 2014/01/09 | 48 views

CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ IcoFX Buffer Overflow Vulnerability 1. Advisory Information Title: IcoFX Buffer Overflow Vulnerability Advisory ID: CORE-2013-1107 Advisory URL: http://www.coresecurity.com/advisories/icofx-buffer-overflow-vulnerability Date...

CVSS 9.3 | EPSS 0.66998 | Exploits: 14

securityvulns | added 2014/01/09 | 76 views

LiveZilla 5.1.2.0 Insecure password storage

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7033 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Status: Partly fixed 0x01 Background LiveZilla, the widely-used and trusted Liv...

CVSS 4.3 | AI score 0.2 | EPSS 0.01159 | Exploits: 2

securityvulns | added 2014/01/09 | 63 views

FlashCanvas 1.5 proxy.php XSS Vulnerability

Advisory Information Title: FlashCanvas proxy.php XSS Vulnerability Date published: 11 December 2013 Reference: CVE-2013-6880 Advisory Summary Script does not adequately verify the Referer header before requesting via curl the remote URL specified in the ‘url’ GET parameter and rendering it. Vend...

AI score 0.1 | EPSS 0.0138 | Exploits: 2

securityvulns | added 2014/01/09 | 92 views

SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection

SEC Consult Vulnerability Lab Security Advisory 20131227-0 ======================================================================= title: XPath Injection product: IBM Web Content Manager WCM vulnerable version: 6.x, 7.x, 8.x fixed version: - impact: high homepage: http://www.ibm.com/ found:...

CVSS 5 | AI score 6.5 | EPSS 0.03599 | Exploits: 2

securityvulns | added 2014/01/09 | 39 views

IBM Web Content Manager information leakage

It's possible to obtain configuration data...

CVSS 5 | AI score 1.5 | EPSS 0.03599 | Exploits: 2 | References: 1 | Affected software: 1

securityvulns | added 2014/01/09 | 68 views

SQL Injection in InstantCMS

Advisory ID: HTB23185 Product: InstantCMS Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: November 21, 2013 Public Disclosure: December...

CVSS 7.5 | AI score 0.3 | EPSS 0.01299 | Exploits: 7

securityvulns | added 2014/01/09 | 120 views

LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7032 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

CVSS 4.3 | AI score 0.9 | EPSS 0.01854 | Exploits: 2

securityvulns | added 2014/01/09 | 101 views

[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2013-001 ------------------------------------------------------------------------ Advisory ID: REVIVE-SA-2013-001 CVE ID: CVE-2013-7149 Date: 2013-12-20 Security risk: Critical...

CVSS 7.5 | AI score 7.1 | EPSS 0.02011 | Exploits: 1

securityvulns | added 2014/01/09 | 77 views

[CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin

Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-5573 CVSS v2...

CVSS 4.3 | AI score 9.3 | EPSS 0.05406 | Exploits: 9

securityvulns | added 2014/01/09 | 19 views

Android sandbox bypassing

It's possible to bypass sandbox restrictions via android.app.Fragment...

AI score 3.7 | Exploits: 0 | References: 1 | Affected software: 1

Total number of security vulnerabilities: 47153