
47153 matches found

securityvulns
added 2013/12/16 12:0 a.m., 53 views

Microsoft Office security vulnerabilities

Information leakage on Sharepoint files access, Microsoft Office Shared Component information leakage...

4.3 CVSS, 1.8 AI score, 0.12769 EPSS
Exploits 0, Affected Software 1
securityvulns
added 2013/12/09 12:0 a.m., 59 views

Apple iPhone / iPad multiple security vulnerabilities

Multiple vulnerabilities in different system components...

9.3 CVSS, 2.3 AI score, 0.11999 EPSS
Exploits 12, References 3, Affected Software 2
securityvulns
added 2013/12/09 12:0 a.m., 22 views

OpenSSL multiple security vulnerabilities

NULL pointer dereference, off-by one buffer overflow, DoS...

2.7 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2013/12/09 12:0 a.m., 114 views

Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability

Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...

0.1 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 74 views

Multiple Cross-Site Scripting (XSS) in Claroline

Advisory ID: HTB23179 Product: Claroline Vendor: Claroline Consortium Vulnerable Versions: 1.11.8 and probably prior Tested Version: 1.11.8 Advisory Publication: October 23, 2013 without technical details Vendor Notification: October 23, 2013 Vendor Patch: November 7, 2013 Public Disclosure:...

4.3 CVSS, 6.5 AI score, 0.01379 EPSS
Exploits 3
securityvulns
added 2013/12/09 12:0 a.m., 130 views

NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability

Document Title: =============== NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1150 Lab News Article: http://www.vulnerability-lab.com/news/getnews.php?id=115 Release Date: =============...

0.6 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 127 views

Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities

Document Title: =============== Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1117 Release Date: ============= 2013-10-18 Vulnerability Laboratory ID VL-ID:...

0.1 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 42 views

pixman integer overflow

No description provided...

5 CVSS, 3.6 AI score, 0.0288 EPSS
Exploits 0, References 1, Affected Software 1
securityvulns
added 2013/12/09 12:0 a.m., 63 views

Multiple CSRF Horde Groupware Web mail Edition 5.1.2

Exploit Title : Multiple CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/25/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can...

6.4 AI score, 0.02072 EPSS
Exploits 6
securityvulns
added 2013/12/09 12:0 a.m., 37 views

Belkin NetCam backdoor

Unchangeable account...

2.3 AI score
Exploits 0, References 1
securityvulns
added 2013/12/09 12:0 a.m., 19 views

Pineapp MailSecure code execution

Code execution via web interface...

3.4 AI score
Exploits 0, References 1
securityvulns
added 2013/12/09 12:0 a.m., 37 views

SKIDATA RFID Freemotion.Gate code execution

Code execution via TCP/7777 web interface...

3.8 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2013/12/09 12:0 a.m., 34 views

OpenVAS Manager / OpenVAS Administrator authentication bypass

Access to some commands is not authenticated...

7.5 CVSS, 3.6 AI score, 0.07271 EPSS
Exploits 3, References 1, Affected Software 2
securityvulns
added 2013/12/09 12:0 a.m., 120 views

ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities

ESA-2013-078.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...

6.8 CVSS, 7.4 AI score, 0.02403 EPSS
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 67 views

[SE-2012-01] Issue 69 details and IBM Java vulnerabilities

Hello All, The CPU released yesterday Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability Issue 69 that was reported to the company in July. Issue 69 allows to conduct a very classic attack against Java VM - the so called class spoofing attack. To quote the paper...

0.1 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 40 views

OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability

Document Title: =============== OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1110 Release Date: ============= 2013-10-13 Vulnerability Laboratory ID VL-ID:...

Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 66 views

CVE-2013-5694 Blind SQL Injection in Ops View

CVE-2013-5694 Blind SQL Injection in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Blind SQL Injection in OpsView Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsview is a systems management software built on ope...

7.5 CVSS, 0.4 AI score, 0.02561 EPSS
Exploits 6
securityvulns
added 2013/12/09 12:0 a.m., 61 views

Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).

General info: ============= The bn multiprecision integer arithmetics part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes. Versions tested were between 0.9.8k and 1.0.1e. We were too lazcough busy to prepare the fancy table, sorry guys. Some PoC...

7 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 68 views

[ MDVSA-2013:263 ] roundcubemail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:263 http://www.mandriva.com/en/support/security/ Package : roundcubemail Date : October 29, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered...

7.5 CVSS, 8.9 AI score, 0.02873 EPSS
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 146 views

pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities

Document Title: =============== pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1130 Release Date: ============= 2013-11-01 Vulnerability Laboratory ID VL-ID:...

Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 379 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

8.5 CVSS, 1.6 AI score, 0.23322 EPSS
Exploits 78, References 50, Affected Software 39
securityvulns
added 2013/12/09 12:0 a.m., 41 views

D-Link routers multiple security vulnerabilities

Shell characters injection, authentication bypass...

9.3 CVSS, 3.5 AI score, 0.0416 EPSS
Exploits 0, References 5
securityvulns
added 2013/12/09 12:0 a.m., 28 views

Intersystems Cache code execution

Insecure default installation...

4.6 AI score
Exploits 0, References 1
securityvulns
added 2013/12/09 12:0 a.m., 32 views

VMWare privilege escalation

Privilege escalation in the guest system via LGTOSYNC.SYS...

7.9 CVSS, 4.2 AI score, 0.00506 EPSS
Exploits 0, References 1, Affected Software 4
securityvulns
added 2013/12/09 12:0 a.m., 72 views

[ MDVSA-2013:285 ] bugzilla

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:285 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities was found and corrected in bugzilla:...

6.8 CVSS, 6.3 AI score, 0.02824 EPSS
Exploits 6
securityvulns
added 2013/12/09 12:0 a.m., 129 views

Cross-Site Scripting (XSS) in Zikula Application Framework

Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification: October 16, 2013 Vendor Patch:...

4.3 CVSS, 6.3 AI score, 0.0122 EPSS
Exploits 3
securityvulns
added 2013/12/09 12:0 a.m., 59 views

Cross-Site Scripting (XSS) in Jamroom

Advisory ID: HTB23184 Product: Jamroom Vendor: Talldude Networks, LLC Vulnerable Versions: 5.0.2 and probably prior Tested Version: 5.0.2 Advisory Publication: November 13, 2013 without technical details Vendor Notification: November 13, 2013 Vendor Patch: November 13, 2013 Public Disclosure:...

4.3 CVSS, 6.3 AI score, 0.01206 EPSS
Exploits 3
securityvulns
added 2013/12/09 12:0 a.m., 46 views

pineapp mailsecure remote no authenticated privilege escalation & remote execution code

Hi, related this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I send Pineapp the following information: ----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https...

0.7 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 100 views

Mybb Ajaxfs Plugin Sql Injection vulnerability

a Sql Injection vulnerability In Mybb Ajaxfs Plugin Version 2.0...

1 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 94 views

Vulnerability in Pydio/AjaXplorer <= 5.0.3

Vulnerability in Pydio/AjaXplorer = 5.0.3 ============ Background: Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer ============ Description of vulnerability There is an unrestricted upload capability, in one of the plugins that is...

8.5 CVSS, 0.6 AI score, 0.07962 EPSS
Exploits 7
securityvulns
added 2013/12/09 12:0 a.m., 58 views

[USN-2047-1] pixman vulnerability

========================================================================== Ubuntu Security Notice USN-2047-1 December 03, 2013 pixman vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

0.3 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 108 views

[PT-2013-63] Hash Length Extension in HTMLPurifier

----------------------------------------------------------- PT-2013-63 Positive Technologies Security Advisory Hash Length Extension in HTMLPurifier ----------------------------------------------------------- --- Vulnerable software HTMLPurifier Version: 4.5.0 and earlier Link:...

1 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 65 views

[USN-2028-1] Apache XML Security for Java vulnerability

========================================================================== Ubuntu Security Notice USN-2028-1 November 12, 2013 libxml-security-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

4.3 CVSS, 0.5 AI score, 0.0593 EPSS
Exploits 1
securityvulns
added 2013/12/09 12:0 a.m., 54 views

[ANN] Struts 2.3.15.3 GA release available - security fix

The Apache Struts group is pleased to announce that Struts 2.3.15.3 is available as a "General Availability" release.The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...

0.2 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 42 views

CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Private key disclosure, Osirix lite, 64bit and FDA cleader version CVE-2013-4425 version 1.09 CVSS Score: 8.4 Background: =========== OsiriX is an image processing software dedicated to DICOM images files with a ".dcm" / ".DCM" extension produced by...

1.9 CVSS, 6.7 AI score, 0.0035 EPSS
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 49 views

Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities

Document Title: =============== Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1153 Release Date: ============= 2013-12-02 Vulnerability Laboratory ID VL-ID: ==================================...

0.4 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 60 views

Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability

Document Title: =============== Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1105 Video: http://www.vulnerability-lab.com/getcontent.php?id=1104 Release Date: ============= 2013-10-04...

0.3 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 60 views

Vulnerability in Pydio/AjaXplorer <= 5.0.3

Vulnerability in Pydio/AjaXplorer = 5.0.3 ============ Background: Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer ============ Description of vulnerability There is a path traversal vulnerability in the zoho plugin that is...

8.5 CVSS, 0.3 AI score, 0.02239 EPSS
Exploits 3
securityvulns
added 2013/12/09 12:0 a.m., 90 views

[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA"

============================================= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6163...

4.3 CVSS, 1.3 AI score, 0.01713 EPSS
Exploits 2
securityvulns
added 2013/12/09 12:0 a.m., 48 views

Vulnerabilities hiddenly fixed in WordPress 3.5 and 3.5.1

Hello list! Earlier I wrote about one vulnerability in WordPress, which were hiddenly fixed in version 3.5.2 http://seclists.org/fulldisclosure/2013/Jul/70 and about nine vulnerabilities in versions 3.6 and 3.6.1 http://seclists.org/fulldisclosure/2013/Nov/220. Here are new ones. These are hidden...

0.4 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 68 views

Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563

Vulnerability Type: Cross-Site Scripting CVE: CVE-2013-5563 Products and affected versions: Cisco Security Monitoring, Analysis and Response System CS-MARS - All versions Vendor Website: http://www.cisco.com/en/US/products/ps6241/ Cisco Advisory: https://tools.cisco.com/bugsearch/bug/CSCul16173...

4.3 CVSS, 5.5 AI score, 0.0096 EPSS
Exploits 2
securityvulns
added 2013/12/09 12:0 a.m., 83 views

[ MDVSA-2013:287 ] drupal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:287 http://www.mandriva.com/en/support/security/ Package : drupal Date : November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple security issues was identified and fixed in drupal: Drup...

6.8 CVSS, 5.7 AI score, 0.03072 EPSS
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 54 views

CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View

CVE-2013-5695 Multilple Cross Site Scripting XSS Attacks in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Multilple Cross Site Scripting XSS Attacks in Ops View Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsvie...

4.3 CVSS, 0.2 AI score, 0.0096 EPSS
Exploits 2
securityvulns
added 2013/12/09 12:0 a.m., 68 views

[SECURITY] [DSA 2808-1] openjpeg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2808-1 [email protected] http://www.debian.org/security/ Raphael Geissert December 03, 2013 http://www.debian.org/security/faq -...

7.5 CVSS, 2.1 AI score, 0.05515 EPSS
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 39 views

Vulnerabilities hiddenly fixed in WordPress 3.6 and 3.6.1

Hello list! In July I wrote about one vulnerability in WordPress, which were hiddenly fixed in version 3.5.2 http://securityvulns.ru/docs29555.html. Here are new ones. These are hiddenly fixed vulnerabilities in such versions of WordPress as 3.6 and 3.6.1. Developers of WP intentionally haven't...

1.7 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 53 views

Open-Xchange Security Advisory 2013-11-25

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 29648 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 6.22.4 and earlier Vulnerable component: frontend6 Fixed version: 6.22.3-rev5, 6.22.4-rev12...

0.3 AI score, 0.01626 EPSS
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 73 views

LiveZilla 5.1.0.0 Reflected XSS in translations

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7002 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.0.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

4.3 CVSS, 0.5 AI score, 0.01208 EPSS
Exploits 2
securityvulns
added 2013/12/09 12:0 a.m., 44 views

Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities

Document Title: =============== Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1120 Release Date: ============= 2013-10-26 Vulnerability Laboratory ID VL-ID: ==================================...

0.8 AI score
Exploits 0
securityvulns
added 2013/12/09 12:0 a.m., 59 views

SQL Injection in Chamilo LMS

Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 9, 2013 Public Disclosure:...

6 CVSS, 7.7 AI score, 0.02739 EPSS
Exploits 6
securityvulns
added 2013/12/09 12:0 a.m., 128 views

Remote Code Execution in Microweber

Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...

6.4 CVSS, 0.3 AI score, 0.02823 EPSS
Exploits 2
Total number of security vulnerabilities: 47153