47153 matches found

securityvulns
added 2014/01/09 12:0 a.m., 73 views

Improper Authentication in Burden

Advisory ID: HTB23192 Product: Burden Vendor: Josh Fradley Vulnerable Versions: 1.8 and probably prior Tested Version: 1.8 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 18, 2013 Public Disclosure: January 8, 2014...

CVSS: 7.5, AI score: 10, EPSS: 0.09794
Exploits: 6

securityvulns
added 2014/01/09 12:0 a.m., 70 views

[ MDVSA-2013:297 ] munin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:297 http://www.mandriva.com/en/support/security/ Package : munin Date : December 20, 2013 Affected: Business Server 1.0 Problem Description: Updated munin packages fix security vulnerabilities: The...

CVSS: 5, AI score: 6, EPSS: 0.00719
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 34 views

DoS vulnerability in Adobe Flash Player (BSOD)

Hello 3APA3A! At beginning of this year I informed you about DoS vulnerability in Adobe Flash. Look at advisory http://seclists.org/fulldisclosure/2013/Apr/9 with exploit and video demonstration http://www.youtube.com/watch?v=xi29KZ3LD80 of previous DoS in Flash. Adobe hiddenly fixed it in the...

AI score: 1.6
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 63 views

[CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms

Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-5573 CVSS v2...

CVSS: 4.3, AI score: 9.3, EPSS: 0.01627
Exploits: 5

securityvulns
added 2014/01/09 12:0 a.m., 63 views

[ MDVSA-2013:289 ] owncloud

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:289 http://www.mandriva.com/en/support/security/ Package : owncloud Date : December 17, 2013 Affected: Business Server 1.0 Problem Description: Updated owncloud package fixes security vulnerability: Possible...

CVSS: 6.8, AI score: 6.2, EPSS: 0.00349
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 46 views

Vulnerabilities in Dewplayer

Hello 3APA3A! I want to inform you about vulnerabilities in Dewplayer. These are Content Spoofing and Cross-Site Scripting vulnerabilities. There are near 422 000 web sites with dewplayer.swf in Google's index. And it's just one file name and there are other file names of this player such as...

AI score: 6.6
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 34 views

Hancom Office '.hml' file heap-based buffer overflow

There is a vulnerability in Hancom Office 2010 SE, which can be exploited by malicious people to compromise a user's system. '.hml' is a type of XML document file which is defined by Hancom. Constructing a long TEXTART tag will cause a heap-based buffer overflow. Such as: TEXTART...

AI score: 4
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 22 views

IcoFX buffer overflow

Buffer overflow on .ICO files parsing...

CVSS: 9.3, AI score: 4.7, EPSS: 0.80555
Exploits: 14, References: 1, Affected Software: 1

securityvulns
added 2014/01/09 12:0 a.m., 57 views

XSS and Full Path Disclosure in MijoSearch Joomla Extension

Advisory ID: HTB23186 Product: MijoSearch Vendor: Mijosoft Vulnerable Versions: 2.0.1 and probably prior Tested Version: 2.0.1 Advisory Publication: November 25, 2013 without technical details Vendor Notification: November 25, 2013 Public Disclosure: December 16, 2013 Vulnerability Type: Cross-Si...

AI score: 6.4, EPSS: 0.00413
Exploits: 4

securityvulns
added 2014/01/09 12:0 a.m., 71 views

[CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin

Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-5573 CVSS v2...

CVSS: 4.3, AI score: 9.3, EPSS: 0.05307
Exploits: 9

securityvulns
added 2014/01/09 12:0 a.m., 65 views

LiveZilla 5.1.2.0 Insecure password storage

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7033 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Status: Partly fixed 0x01 Background LiveZilla, the widely-used and trusted Liv...

CVSS: 4.3, AI score: 0.2, EPSS: 0.0025
Exploits: 2

securityvulns
added 2014/01/09 12:0 a.m., 48 views

BF, LE and IAA vulnerabilities in InstantCMS

Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...

AI score: 1
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 73 views

CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass

Exploit Title: CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass Google Dork: intitle:"CSP MySQL User Manager" Date: 8/1/2013 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/p/cspmum/ Software Link:...

AI score: 8.4
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 48 views

SAMSPADE 1.14 BUFFER OVERFLOW

Exploit Title: SAMSPADE 1.14 BUFFER OVERFLOW Date: 10-12-2013 Exploit Author: VISHAL MISHRA & NIDHI VERMA Vendor Homepage: http://www.samspade.org/ Software Link: http://www.majorgeeks.com/mg/getmirror/samspade,1.html Version: 1.1.4 beta Tested on: WINDOWS XPsp2 TARGET: windows xpsp2...

AI score: 2.3
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 46 views

Information Leakage and Backdoor vulnerabilities in WordPress

Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...

AI score: 0.8
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 65 views

Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin

Advisory ID: HTB23189 Product: WP-Cron Dashboard Wordpress plugin Vendor: OKAMOTO Wataru Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 5, 2013 without technical details Vendor Notification: December 5, 2013 Public Disclosure: December 26, 2013...

CVSS: 4.3, AI score: 6.2, EPSS: 0.00473
Exploits: 4

securityvulns
added 2014/01/09 12:0 a.m., 41 views

Vulnerabilities in plugins for WordPress, Joomla and Plone with Dewplayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in plugins for WordPress, Joomla and Plone with Dewplayer. Earlier I wrote about vulnerabilities in Dewplayer http://seclists.org/fulldisclosure/2013/Dec/192. This is media player, which is used at thousands web sit...

AI score: 5.8
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 57 views

Vulnerabilities in Apache Solr < 4.6.0

Hello, Apache Solr is search platform edited by the Apache project. Quoting http://lucene.apache.org/solr/:"its major features include powerful full-text search, hit highlighting, faceted search, near real-time indexing, dynamic clustering, database integration, rich document e.g., Word, PDF...

CVSS: 6.4, AI score: 1.1, EPSS: 0.90931
Exploits: 1

securityvulns
added 2014/01/09 12:0 a.m., 67 views

SQL Injection in InstantCMS

Advisory ID: HTB23185 Product: InstantCMS Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: November 21, 2013 Public Disclosure: December...

CVSS: 7.5, AI score: 0.3, EPSS: 0.00486
Exploits: 7

securityvulns
added 2014/01/09 12:0 a.m., 34 views

Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities

Document Title: =============== Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1165 Release Date: ============= 2013-12-09 Vulnerability Laboratory ID VL-ID: ==================================...

AI score: 0.6
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 40 views

hplip multiple security vulnerabilities

Symbolic links vulnerability, code execution, weak permissions...

CVSS: 6.9, AI score: 1.4, EPSS: 0.0078
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2014/01/09 12:0 a.m., 39 views

CSRF, DoS and IL vulnerabilities in WordPress

Hello 3APA3A! As I've announced earlier http://seclists.org/fulldisclosure/2013/Nov/219, I conducted a Day of bugs in WordPress 3. At 30.11.2013 I disclosed many new vulnerabilities in WordPress. I've disclosed 10 holes they were placed at my site for your attention. And this is translation of th...

AI score: 1
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 45 views

Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin

Advisory ID: HTB23187 Product: Ad-minister Wordpress plugin Vendor: henrikmelin, kalstrom Vulnerable Versions: 0.6 and probably prior Tested Version: 0.6 Advisory Publication: December 5, 2013 without technical details Vendor Notification: December 5, 2013 Public Disclosure: December 26, 2013...

CVSS: 4.3, AI score: 6.2, EPSS: 0.0027
Exploits: 4

securityvulns
added 2014/01/09 12:0 a.m., 88 views

SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection

SEC Consult Vulnerability Lab Security Advisory 20131227-0 ======================================================================= title: XPath Injection product: IBM Web Content Manager WCM vulnerable version: 6.x, 7.x, 8.x fixed version: - impact: high homepage: http://www.ibm.com/ found:...

CVSS: 5, AI score: 6.5, EPSS: 0.01255
Exploits: 2

securityvulns
added 2014/01/09 12:0 a.m., 99 views

[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2013-001 ------------------------------------------------------------------------ Advisory ID: REVIVE-SA-2013-001 CVE ID: CVE-2013-7149 Date: 2013-12-20 Security risk: Critical...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00413
Exploits: 1

securityvulns
added 2014/01/09 12:0 a.m., 86 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5, AI score: 1.6, EPSS: 0.90931
Exploits: 60, References: 33, Affected Software: 24

securityvulns
added 2014/01/09 12:0 a.m., 20 views

AppStore applications security vulnerabilities

Different iOS applications security vulnerabilities...

AI score: 2.7
Exploits: 0, References: 1, Affected Software: 2

securityvulns
added 2014/01/09 12:0 a.m., 23 views

Evernote Android security vulnerabilities

Different protection bypass vulnerabilities...

AI score: 2.8, EPSS: 0.00103
Exploits: 1, References: 2, Affected Software: 1

securityvulns
added 2014/01/09 12:0 a.m., 102 views

[SECURITY] [DSA 2829-1] hplip security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2829-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 28, 2013 http://www.debian.org/security/faq -...

CVSS: 6.9, AI score: 1.2, EPSS: 0.0078
Exploits: 1

securityvulns
added 2014/01/09 12:0 a.m., 63 views

Path Traversal in eduTrac

Advisory ID: HTB23190 Product: eduTrac Vendor: 7 Media Web Solutions, LLC. Vulnerable Versions: 1.1.1-Stable and probably prior Tested Version: 1.1.1-Stable Advisory Publication: December 11, 2013 without technical details Vendor Notification: December 11, 2013 Vendor Patch: December 16, 2013...

CVSS: 5, AI score: 6.5, EPSS: 0.14658
Exploits: 3

securityvulns
added 2014/01/09 12:0 a.m., 65 views

User Identity Spoofing in Bitrix Site Manager

Advisory ID: HTB23183 Product: Bitrix Site Manager Vendor: Bitrix, Inc Vulnerable Versions: 12.5.13 and probably prior Tested Version: 12.5.13 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 12, 2013 Public Disclosure:...

CVSS: 7.5, AI score: 0.4, EPSS: 0.00433
Exploits: 2

securityvulns
added 2014/01/09 12:0 a.m., 50 views

FlashCanvas 1.5 proxy.php XSS Vulnerability

Advisory Information Title: FlashCanvas proxy.php XSS Vulnerability Date published: 11 December 2013 Reference: CVE-2013-6880 Advisory Summary Script does not adequately verify the Referer header before requesting via curl the remote URL specified in the ‘url’ GET parameter and rendering it. Vend...

AI score: 0.1, EPSS: 0.00664
Exploits: 2

securityvulns
added 2014/01/09 12:0 a.m., 33 views

Hancom Office buffer overflow

Buffer overflow on HTML parsing...

AI score: 3.2
Exploits: 0, References: 1

securityvulns
added 2014/01/09 12:0 a.m., 54 views

[ MDVSA-2013:290 ] mediawiki

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:290 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : December 17, 2013 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: Kevin...

CVSS: 4.3, AI score: 6.6, EPSS: 0.01288
Exploits: 0

securityvulns
added 2014/01/09 12:0 a.m., 92 views

[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Leed Light Feed Vendor: Valentin CARRUESCO aka Idleman CSNC ID: CSNC-2013-005 SQL Injection, CSNC-2013-006 CSRF, CSNC-2013-007 Authentication Bypass CVD ID: CVE-2013-2627 SQL Injection, CVE-2013-2628 CSRF,...

CVSS: 7.5, AI score: 0.1, EPSS: 0.00397
Exploits: 3

securityvulns
added 2014/01/09 12:0 a.m., 40 views

[CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection

Evernote Android Insecure Storage of PIN data / Bypass of PIN protection Product: Evernote Android Project Homepage: evernote.com Internal Advisory ID: c22-2013-03 / c22-2013-04 Vulnerable Versions: Android version 5.5.0 and prior Tested Version: Android 5.x Android 4.2/4.3 Vendor Notification: A...

AI score: 1.1, EPSS: 0.00103
Exploits: 1

securityvulns
added 2014/01/08 12:0 a.m., 56 views

[USN-2078-1] libXfont vulnerability

========================================================================== Ubuntu Security Notice USN-2078-1 January 07, 2014 libxfont vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 9.3, AI score: 0.8, EPSS: 0.12029
Exploits: 1

securityvulns
added 2014/01/08 12:0 a.m., 57 views

Command injection vulnerability in Ruby Gem sprout 0.7.246

Title: Command injection vulnerability in Ruby Gem sprout 0.7.246 Date: 11/14/2013 Download: http://rubygems.org/gems/sprout, http://projectsprouts.org/ Vulnerability: The unpackzip function contains the following code: sprout-0.7.246/lib/sprout/archiveunpacker.rb 60 zipdir =...

AI score: 0.3
Exploits: 0

securityvulns
added 2014/01/08 12:0 a.m., 28 views

EMC Replication Manager directory traversal

Directory traversal via user scripts...

CVSS: 7.2, AI score: 3.7, EPSS: 0.00068
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2014/01/08 12:0 a.m., 76 views

[scip_Advisory 10847] MobileIron 4.5.4 Device Registration regpin Cross Site Scripting

MobileIron 4.5.4 Device Registration regpin Cross Site Scripting scip AG Vulnerability ID 10847 10/28/2013 http://www.scip.ch/en/?vuldb.10847 I. INTRODUCTION MobileIron is a commercial solution to provide secure access to mobile users in corporate environments. More information is available on th...

AI score: 0.2
Exploits: 0

securityvulns
added 2014/01/08 12:0 a.m., 31 views

clutter privilege escalation

Invalid handling of system resume...

CVSS: 2.1, AI score: 2.6, EPSS: 0.00078
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2014/01/08 12:0 a.m., 52 views

[USN-2056-1] DjVuLibre vulnerability

========================================================================== Ubuntu Security Notice USN-2056-1 December 16, 2013 djvulibre vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS: 9.3, AI score: 0.9, EPSS: 0.05355
Exploits: 0

securityvulns
added 2014/01/08 12:0 a.m., 60 views

[security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04052075 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04052075 Version: 1 HPSBMU02959 rev....

CVSS: 5.2, AI score: 1.2, EPSS: 0.00701
Exploits: 2

securityvulns
added 2014/01/08 12:0 a.m., 83 views

[USN-2075-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2075-1 January 03, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 7.1, AI score: 0.5, EPSS: 0.0497
Exploits: 7

securityvulns
added 2014/01/08 12:0 a.m., 138 views

ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities

ESA-2013-089.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities EMC Identifier: ESA-2013-089 CVE Identifier: CVE-2013-6810 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C...

CVSS: 10, AI score: 0.7, EPSS: 0.64844
Exploits: 9

securityvulns
added 2014/01/08 12:0 a.m., 28 views

EMC NetWorker information leakage

Cleartext password in audit reports...

CVSS: 3.5, AI score: 1.9, EPSS: 0.0019
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/01/08 12:0 a.m., 40 views

QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability

Document Title: =============== QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1171 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6767 CVE-ID: ===== CVE-2013-6767 Release Date:...

CVSS: 7.2, AI score: 6.5, EPSS: 0.00257
Exploits: 7

securityvulns
added 2014/01/08 12:0 a.m., 35 views

HP Data Protector multiple security vulnerabilities

Code execution, privilege escalation, DoS...

CVSS: 10, AI score: 2.8, EPSS: 0.77324
Exploits: 23, References: 1, Affected Software: 1

securityvulns
added 2014/01/08 12:0 a.m., 45 views

ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability

ESA-2013-091.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability EMC Identifier: ESA-2013-091 CVE Identifier: CVE-2013-6181 Severity Rating: CVSS v2 Base Score: CVSS 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC Watch4Net...

CVSS: 2.1, AI score: 0.4, EPSS: 0.00062
Exploits: 0

securityvulns
added 2014/01/08 12:0 a.m., 31 views

EMC Watch4net information leakage

Devices passwords are stored in cleartext...

CVSS: 2.1, AI score: 2.5, EPSS: 0.00062
Exploits: 0, References: 1, Affected Software: 1

Total number of security vulnerabilities: 47153