Lucene search

47153 matches found

securityvulns
•added 2014/01/09 12:0 a.m.•23 views

Evernote Android security vulnerabilities

Different protection bypass vulnerabilities...

AI score: 2.8 | EPSS: 0.00549
Exploits: 1 | References: 2 | Affected Software: 1
securityvulns
•added 2014/01/09 12:0 a.m.•42 views

IBM Lotus Notes Traveler security vulnerabilities

Cross-site scripting, CSRF...

CVSS: 5.8 | AI score: 1.6 | EPSS: 0.01045
Exploits: 1 | References: 1 | Affected Software: 1
securityvulns
•added 2014/01/09 12:0 a.m.•114 views

[ MDVSA-2013:288 ] subversion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:288 http://www.mandriva.com/en/support/security/ Package : subversion Date : December 17, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated subversion package fixes...

CVSS: 3.5 | AI score: 8.5 | EPSS: 0.07858
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•73 views

User Identity Spoofing in Bitrix Site Manager

Advisory ID: HTB23183 Product: Bitrix Site Manager Vendor: Bitrix, Inc Vulnerable Versions: 12.5.13 and probably prior Tested Version: 12.5.13 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 12, 2013 Public Disclosure:...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.01628
Exploits: 2
securityvulns
•added 2014/01/09 12:0 a.m.•53 views

Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin

Advisory ID: HTB23187 Product: Ad-minister Wordpress plugin Vendor: henrikmelin, kalstrom Vulnerable Versions: 0.6 and probably prior Tested Version: 0.6 Advisory Publication: December 5, 2013 without technical details Vendor Notification: December 5, 2013 Public Disclosure: December 26, 2013...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.02023
Exploits: 4
securityvulns
•added 2014/01/09 12:0 a.m.•35 views

Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities

Document Title: =============== Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1165 Release Date: ============= 2013-12-09 Vulnerability Laboratory ID VL-ID: ==================================...

AI score: 0.6
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•36 views

DoS vulnerability in Adobe Flash Player (BSOD)

Hello 3APA3A! At beginning of this year I informed you about DoS vulnerability in Adobe Flash. Look at advisory http://seclists.org/fulldisclosure/2013/Apr/9 with exploit and video demonstration http://www.youtube.com/watch?v=xi29KZ3LD80 of previous DoS in Flash. Adobe hiddenly fixed it in the...

AI score: 1.6
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•47 views

[CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup)

Evernote Android Insecure Password Change one-click setup Product: Evernote Android Project Homepage: evernote.com Internal Advisory ID: c22-2013-05 Vulnerable Versions: Android version 5.5.0 and prior Tested Version: Android 5.x Android 4.2/4.3 Vendor Notification: Aug 13, 2013 Public Disclosure...

AI score: 1.2 | EPSS: 0.00483
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•62 views

[SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting

SOJOBO-ADV-13-05 - Vtiger 5.4.0 Reflected Cross Site Scripting I. Information ================== Name : Vtiger 5.4.0 Reflected Cross Site Scripting Software : Vtiger 5.4.0 and possibly below. Vendor Homepage : https://www.vtiger.com/ Vulnerability Type : Reflected Cross-Site Scripting Severity :...

AI score: 7.2
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•75 views

Improper Authentication in Burden

Advisory ID: HTB23192 Product: Burden Vendor: Josh Fradley Vulnerable Versions: 1.8 and probably prior Tested Version: 1.8 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 18, 2013 Public Disclosure: January 8, 2014...

CVSS: 7.5 | AI score: 10 | EPSS: 0.16075
Exploits: 6
securityvulns
•added 2014/01/09 12:0 a.m.•52 views

[CVE-2013-2764] Secure Entry Server - URL Redirection

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Secure Entry Server SES Vendor: United Security Providers Ltd. CSNC ID: CSNC-2013-008 CVD ID: CVE-2013-2764 Subject: URL Redirection Risk: High Effect: Remotely exploitable Author: Alexandre Herzog...

EPSS: 0.00915
Exploits: 1
securityvulns
•added 2014/01/09 12:0 a.m.•74 views

Path Traversal in eduTrac

Advisory ID: HTB23190 Product: eduTrac Vendor: 7 Media Web Solutions, LLC. Vulnerable Versions: 1.1.1-Stable and probably prior Tested Version: 1.1.1-Stable Advisory Publication: December 11, 2013 without technical details Vendor Notification: December 11, 2013 Vendor Patch: December 16, 2013...

CVSS: 5 | AI score: 6.5 | EPSS: 0.03561
Exploits: 3
securityvulns
•added 2014/01/09 12:0 a.m.•62 views

[SECURITY] [DSA 2834-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2834-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 01, 2014 http://www.debian.org/security/faq -...

CVSS: 6.5 | AI score: 1.6 | EPSS: 0.0164
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•57 views

Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin

Advisory ID: HTB23188 Product: AskApache Firefox Adsense Wordpress plugin Vendor: AskApache Vulnerable Versions: 3.0 and probably prior Tested Version: 3.0 Advisory Publication: December 5, 2013 without technical details Vendor Notification: December 5, 2013 Public Disclosure: December 26, 2013...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.01151
Exploits: 4
securityvulns
•added 2014/01/09 12:0 a.m.•50 views

Android Fragment Injection vulnerability

Hi, We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings the one that is found on every Android device, Gmail, Google Now, Dropbox and Evernote. To be more accurate, any App which extended the PreferenceActivity clas...

AI score: 0.1
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•36 views

Hancom Office '.hml' file heap-based buffer overflow

There is a vulnerability in Hancom Office 2010 SE, which can be exploited by malicious people to compromise a user's system. '.hml' is a type of XML document files which is defined by Hancom. Constructing a long TEXTART tag will cause a heap-based buffer overflow. Such as: TEXTART...

AI score: 4
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•20 views

AppStore applications security vulnerabilities

Different iOS applications security vulnerabilities...

AI score: 2.7
Exploits: 0 | References: 1 | Affected Software: 2
securityvulns
•added 2014/01/09 12:0 a.m.•72 views

LiveZilla 5.1.1.0 Stored XSS in operator clients

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

CVSS: 4.3 | AI score: 1.1 | EPSS: 0.01854
Exploits: 2
securityvulns
•added 2014/01/09 12:0 a.m.•56 views

[ MDVSA-2013:290 ] mediawiki

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:290 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : December 17, 2013 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: Kevin...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.02142
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•44 views

Vulnerabilities in plugins for WordPress, Joomla and Plone with Dewplayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in plugins for WordPress, Joomla and Plone with Dewplayer. Earlier I wrote about vulnerabilities in Dewplayer http://seclists.org/fulldisclosure/2013/Dec/192. This is media player, which is used at thousands web sit...

AI score: 5.8
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•50 views

BF, LE and IAA vulnerabilities in InstantCMS

Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...

AI score: 1
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•101 views

[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Leed Light Feed Vendor: Valentin CARRUESCO aka Idleman CSNC ID: CSNC-2013-005 SQL Injection, CSNC-2013-006 CSRF, CSNC-2013-007 Authentication Bypass CVD ID: CVE-2013-2627 SQL Injection, CVE-2013-2628 CSRF,...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.01389
Exploits: 3
securityvulns
•added 2014/01/09 12:0 a.m.•33 views

Hancom Office buffer overflow

Buffer overflow on HTML parsing...

AI score: 3.2
Exploits: 0 | References: 1
securityvulns
•added 2014/01/09 12:0 a.m.•48 views

[CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection

Evernote Android Insecure Storage of PIN data / Bypass of PIN protection Product: Evernote Android Project Homepage: evernote.com Internal Advisory ID: c22-2013-03 / c22-2013-04 Vulnerable Versions: Android version 5.5.0 and prior Tested Version: Android 5.x Android 4.2/4.3 Vendor Notification: A...

AI score: 1.1 | EPSS: 0.00549
Exploits: 1
securityvulns
•added 2014/01/09 12:0 a.m.•22 views

IcoFX buffer overflow

Buffer overflow on .ICO files parsing...

CVSS: 9.3 | AI score: 4.7 | EPSS: 0.66998
Exploits: 14 | References: 1 | Affected Software: 1
securityvulns
•added 2014/01/09 12:0 a.m.•60 views

URL Redirector Abuse and XSS vulnerabilities in WordPress

Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...

Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•103 views

[SECURITY] [DSA 2829-1] hplip security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2829-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 28, 2013 http://www.debian.org/security/faq -...

CVSS: 6.9 | AI score: 1.2 | EPSS: 0.03945
Exploits: 1
securityvulns
•added 2014/01/09 12:0 a.m.•40 views

hplip multiple security vulnerabilities

Symbolic links vulnerability, code execution, weak permissions...

CVSS: 6.9 | AI score: 1.4 | EPSS: 0.03945
Exploits: 1 | References: 1 | Affected Software: 1
securityvulns
•added 2014/01/09 12:0 a.m.•76 views

Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin

Advisory ID: HTB23189 Product: WP-Cron Dashboard Wordpress plugin Vendor: OKAMOTO Wataru Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 5, 2013 without technical details Vendor Notification: December 5, 2013 Public Disclosure: December 26, 2013...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.02035
Exploits: 4
securityvulns
•added 2014/01/09 12:0 a.m.•23 views

ATI video drivers DoS

Video driver vulnerability leads to system crash. Browser flash plugin may be used as an attack vector...

AI score: 4.1
Exploits: 0 | References: 1
securityvulns
•added 2014/01/09 12:0 a.m.•49 views

Vulnerabilities in Dewplayer

Hello 3APA3A! I want to inform you about vulnerabilities in Dewplayer. These are Content Spoofing and Cross-Site Scripting vulnerabilities. There are near 422 000 web sites with dewplayer.swf in Google's index. And it's just one file name and there are other file names of this player such as...

AI score: 6.6
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•60 views

Vulnerabilities in Apache Solr < 4.6.0

Hello, Apache Solr is search platform edited by the Apache project. Quoting http://lucene.apache.org/solr/:"its major features include powerful full-text search, hit highlighting, faceted search, near real-time indexing, dynamic clustering, database integration, rich document e.g., Word, PDF...

CVSS: 6.4 | AI score: 1.1 | EPSS: 0.56255
Exploits: 1
securityvulns
•added 2014/01/09 12:0 a.m.•70 views

XSS and Full Path Disclosure in MijoSearch Joomla Extension

Advisory ID: HTB23186 Product: MijoSearch Vendor: Mijosoft Vulnerable Versions: 2.0.1 and probably prior Tested Version: 2.0.1 Advisory Publication: November 25, 2013 without technical details Vendor Notification: November 25, 2013 Public Disclosure: December 16, 2013 Vulnerability Type: Cross-Si...

AI score: 6.4 | EPSS: 0.01113
Exploits: 4
securityvulns
•added 2014/01/09 12:0 a.m.•75 views

CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass

Exploit Title: CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass Google Dork: intitle:"CSP MySQL User Manager" Date: 8/1/2013 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/p/cspmum/ Software Link:...

AI score: 8.4
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•72 views

[ MDVSA-2013:297 ] munin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:297 http://www.mandriva.com/en/support/security/ Package : munin Date : December 20, 2013 Affected: Business Server 1.0 Problem Description: Updated munin packages fix security vulnerabilities: The...

CVSS: 5 | AI score: 6 | EPSS: 0.02502
Exploits: 0
securityvulns
•added 2014/01/09 12:0 a.m.•88 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5 | AI score: 1.6 | EPSS: 0.56255
Exploits: 60 | References: 33 | Affected Software: 24
securityvulns
•added 2014/01/08 12:0 a.m.•57 views

OpenSSL security vulnerabilities

TLS 1.2 MitM attacks, potentially weak PRNGs, DoS...

CVSS: 5.8 | AI score: 2.6 | EPSS: 0.21174
Exploits: 1 | References: 1 | Affected Software: 1
securityvulns
•added 2014/01/08 12:0 a.m.•71 views

[security bulletin] HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03822422 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03822422 Version: 1 HPSBMU02895...

CVSS: 10 | AI score: 1 | EPSS: 0.66409
Exploits: 23
securityvulns
•added 2014/01/08 12:0 a.m.•62 views

[CVE-2013-6480] Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-6480 Libcloud doesn't send scrubdata query parameter when destroying a DigitalOcean node Severity: Low Vendor: Apache Software Foundation Project: Apache Libcloud http://libcloud.apache.org/ Affected Versions: Apache Libcloud 0.12.3 to 0.13...

CVSS: 2.1 | AI score: 0.3 | EPSS: 0.0206
Exploits: 1
securityvulns
•added 2014/01/08 12:0 a.m.•68 views

[security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04052075 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04052075 Version: 1 HPSBMU02959 rev....

CVSS: 5.2 | AI score: 1.2 | EPSS: 0.02639
Exploits: 2
securityvulns
•added 2014/01/08 12:0 a.m.•29 views

Apache libcloud protection bypass

Parameter to scrub data after deletion does not actually work...

CVSS: 2.1 | AI score: 2.8 | EPSS: 0.0206
Exploits: 1 | References: 1 | Affected Software: 1
securityvulns
•added 2014/01/08 12:0 a.m.•28 views

puppet symbolic links vulnerability

Symbolic links vulnerability on temporary files creation...

CVSS: 2.1 | AI score: 1.5 | EPSS: 0.00428
Exploits: 1 | References: 1
securityvulns
•added 2014/01/08 12:0 a.m.•38 views

SpamTitan multiple security vulnerabilities

Cross-site scripting, SQL injection, code execution...

AI score: 2.1
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
•added 2014/01/08 12:0 a.m.•36 views

HP Data Protector multiple security vulnerabilities

Code execution, privilege escalation, DoS...

CVSS: 10 | AI score: 2.8 | EPSS: 0.66409
Exploits: 23 | References: 1 | Affected Software: 1
securityvulns
•added 2014/01/08 12:0 a.m.•78 views

[security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04041093 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04041093 Version: 1 HPSBGN02951 rev....

CVSS: 6.8 | AI score: 0.3 | EPSS: 0.02491
Exploits: 1
securityvulns
•added 2014/01/08 12:0 a.m.•23 views

HP Officejet Pro 8500 cross-site scripting

Cross-site scripting in web interface...

CVSS: 4.3 | AI score: 0.7 | EPSS: 0.02534
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
•added 2014/01/08 12:0 a.m.•32 views

devscripts uscan code execution

Code execution on server reply parsing...

CVSS: 7.5 | AI score: 3.1 | EPSS: 0.04094
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
•added 2014/01/08 12:0 a.m.•197 views

[security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03897409 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03897409 Version: 2 HPSBPV02918 rev....

CVSS: 10 | AI score: 9.9 | EPSS: 0.79003
Exploits: 21
securityvulns
•added 2014/01/08 12:0 a.m.•37 views

[ MDVSA-2013:255 ] clutter

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:255 http://www.mandriva.com/en/support/security/ Package : clutter Date : October 18, 2013 Affected: Business Server 1.0 Problem Description: Updated clutter packages fix security vulnerability: A security...

CVSS: 2.1 | AI score: 6.1 | EPSS: 0.00533
Exploits: 1
securityvulns
•added 2014/01/08 12:0 a.m.•72 views

Command injection in Ruby Gem Webbynode 1.0.5.3

Title: Command injection in Ruby Gem Webbynode 1.0.5.3 Date: 11/11/2013 Author: Larry W. Cashdollar, @larry0 Download: http://rubygems.org/gems/webbynode Vulnerability Description: The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb doesn't fully sanitize user supplied inpu...

AI score: 2.1
Exploits: 0

Total number of security vulnerabilities: 47153