Lucene search

47153 matches found

securityvulns
added 2013/12/16 12:0 a.m. | 53 views

Microsoft Office security vulnerabilities

Information leakage on Sharepoint files access, Microsoft Office Shared Component information leakage...

CVSS 4.3 | AI score 1.8 | EPSS 0.12769
Exploits: 0 | Affected Software: 1

securityvulns
added 2013/12/09 12:0 a.m. | 59 views

Apple iPhone / iPad multiple security vulnerabilities

Multiple vulnerabilities in different system components...

CVSS 9.3 | AI score 2.3 | EPSS 0.11999
Exploits: 12 | References: 3 | Affected Software: 2

securityvulns
added 2013/12/09 12:0 a.m. | 22 views

OpenSSL multiple security vulnerabilities

NULL pointer dereference, off-by one buffer overflow, DoS...

AI score 2.7
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2013/12/09 12:0 a.m. | 36 views

My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities

Document Title: My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1107 | Release Date: 2013-10-09 | Vulnerability Laboratory ID (VL-ID): ...

AI score 0.1
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 114 views

Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability

Document Title: Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1125 | Release Date: 2013-10-27 | Vulnerability Laboratory ID (VL-ID): ...

AI score 0.1
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 74 views

Multiple Cross-Site Scripting (XSS) in Claroline

Advisory ID: HTB23179 Product: Claroline Vendor: Claroline Consortium Vulnerable Versions: 1.11.8 and probably prior Tested Version: 1.11.8 Advisory Publication: October 23, 2013 without technical details Vendor Notification: October 23, 2013 Vendor Patch: November 7, 2013 Public Disclosure:...

CVSS 4.3 | AI score 6.5 | EPSS 0.01379
Exploits: 3

securityvulns
added 2013/12/09 12:0 a.m. | 130 views

NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability

Document Title: NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability | References (Source): http://vulnerability-lab.com/getcontent.php?id=1150 | Lab News Article: http://www.vulnerability-lab.com/news/getnews.php?id=115 | Release Date: ...

AI score 0.6
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 127 views

Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities

Document Title: Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1117 | Release Date: 2013-10-18 | Vulnerability Laboratory ID (VL-ID): ...

AI score 0.1
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 66 views

D-Link DIR-XXX remote root access exploit.

General info: ============= A lot have been already said about SOHO routers. Thus, without further ado another nail in the coffin. knock knock =========== -- cut !/bin/sh if -z "$1" ; then echo "d-link DIR-300 all, DIR-600 all, DIR-615 fw 4.0"; echo "exploited by AKAT-1,...

AI score 7.2
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 89 views

[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA"

============================================= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6163...

CVSS 4.3 | AI score 1.3 | EPSS 0.01713
Exploits: 2

securityvulns
added 2013/12/09 12:0 a.m. | 42 views

pixman integer overflow

No description provided...

CVSS 5 | AI score 3.6 | EPSS 0.0288
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2013/12/09 12:0 a.m. | 63 views

Multiple CSRF Horde Groupware Web mail Edition 5.1.2

Exploit Title : Multiple CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/25/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can...

AI score 6.4 | EPSS 0.02072
Exploits: 6

securityvulns
added 2013/12/09 12:0 a.m. | 37 views

Belkin NetCam backdoor

Unchangeable account...

AI score 2.3
Exploits: 0 | References: 1

securityvulns
added 2013/12/09 12:0 a.m. | 59 views

Vulnerability in Pydio/AjaXplorer <= 5.0.3

Vulnerability in Pydio/AjaXplorer = 5.0.3 ============ Background: Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer ============ Description of vulnerability There is a path traversal vulnerability in the zoho plugin that is...

CVSS 8.5 | AI score 0.3 | EPSS 0.02239
Exploits: 3

securityvulns
added 2013/12/09 12:0 a.m. | 19 views

Pineapp MailSecure code execution

Code execution via web interface...

AI score 3.4
Exploits: 0 | References: 1

securityvulns
added 2013/12/09 12:0 a.m. | 37 views

SKIDATA RFID Freemotion.Gate code execution

Code execution via TCP/7777 web interface...

AI score 3.8
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2013/12/09 12:0 a.m. | 34 views

OpenVAS Manager / OpenVAS Administrator authentication bypass

Access to some commands is not authenticated...

CVSS 7.5 | AI score 3.6 | EPSS 0.07271
Exploits: 3 | References: 1 | Affected Software: 2

securityvulns
added 2013/12/09 12:0 a.m. | 120 views

ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities

ESA-2013-078.txt ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...

CVSS 6.8 | AI score 7.4 | EPSS 0.02403
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 67 views

[SE-2012-01] Issue 69 details and IBM Java vulnerabilities

Hello All, The CPU released yesterday Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability Issue 69 that was reported to the company in July. Issue 69 allows to conduct a very classic attack against Java VM - the so called class spoofing attack. To quote the paper...

AI score 0.1
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 82 views

[ MDVSA-2013:287 ] drupal

Mandriva Linux Security Advisory MDVSA-2013:287 http://www.mandriva.com/en/support/security/ Package : drupal Date : November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple security issues was identified and fixed in drupal: Drup...

CVSS 6.8 | AI score 5.7 | EPSS 0.03072
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 40 views

OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability

Document Title: OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1110 | Release Date: 2013-10-13 | Vulnerability Laboratory ID (VL-ID): ...

Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 66 views

CVE-2013-5694 Blind SQL Injection in Ops View

CVE-2013-5694 Blind SQL Injection in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Blind SQL Injection in OpsView Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsview is a systems management software built on ope...

CVSS 7.5 | AI score 0.4 | EPSS 0.02561
Exploits: 6

securityvulns
added 2013/12/09 12:0 a.m. | 61 views

Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).

General info: ============= The bn multiprecision integer arithmetics part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes. Versions tested were between 0.9.8k and 1.0.1e. We were too lazcough busy to prepare the fancy table, sorry guys. Some PoC...

AI score 7
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 47 views

Vulnerabilities hiddenly fixed in WordPress 3.5 and 3.5.1

Hello list! Earlier I wrote about one vulnerability in WordPress, which were hiddenly fixed in version 3.5.2 http://seclists.org/fulldisclosure/2013/Jul/70 and about nine vulnerabilities in versions 3.6 and 3.6.1 http://seclists.org/fulldisclosure/2013/Nov/220. Here are new ones. These are hidden...

AI score 0.4
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 53 views

CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View

CVE-2013-5695 Multilple Cross Site Scripting XSS Attacks in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Multilple Cross Site Scripting XSS Attacks in Ops View Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsvie...

CVSS 4.3 | AI score 0.2 | EPSS 0.0096
Exploits: 2

securityvulns
added 2013/12/09 12:0 a.m. | 67 views

[SECURITY] [DSA 2808-1] openjpeg security update

Debian Security Advisory DSA-2808-1 [email protected] http://www.debian.org/security/ Raphael Geissert December 03, 2013 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.1 | EPSS 0.05515
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 72 views

LiveZilla 5.1.0.0 Reflected XSS in translations

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7002 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.0.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

CVSS 4.3 | AI score 0.5 | EPSS 0.01208
Exploits: 2

securityvulns
added 2013/12/09 12:0 a.m. | 100 views

wordpress jigoshop Plugin path disclosure vulnerabilities

the following directories is vulnerable to path disclosure vulnerability in wordpress jigoshop Plugin 1.8...

AI score 0.5
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 48 views

ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability

Document Title: ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1122 | Release Date: 2013-10-27 | Vulnerability Laboratory ID (VL-ID): ...

AI score 0.5
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 145 views

pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities

Document Title: pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1130 | Release Date: 2013-11-01 | Vulnerability Laboratory ID (VL-ID): ...

Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 41 views

D-Link routers multiple security vulnerabilities

Shell characters injection, authentication bypass...

CVSS 9.3 | AI score 3.5 | EPSS 0.0416
Exploits: 0 | References: 5

securityvulns
added 2013/12/09 12:0 a.m. | 28 views

Intersystems Cache code execution

Insecure default installation...

AI score 4.6
Exploits: 0 | References: 1

securityvulns
added 2013/12/09 12:0 a.m. | 32 views

VMWare privilege escalation

Privilege escalation in the guest system via LGTOSYNC.SYS...

CVSS 7.9 | AI score 4.2 | EPSS 0.00506
Exploits: 0 | References: 1 | Affected Software: 4

securityvulns
added 2013/12/09 12:0 a.m. | 72 views

[ MDVSA-2013:285 ] bugzilla

Mandriva Linux Security Advisory MDVSA-2013:285 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities was found and corrected in bugzilla:...

CVSS 6.8 | AI score 6.3 | EPSS 0.02824
Exploits: 6

securityvulns
added 2013/12/09 12:0 a.m. | 129 views

Cross-Site Scripting (XSS) in Zikula Application Framework

Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification: October 16, 2013 Vendor Patch:...

CVSS 4.3 | AI score 6.3 | EPSS 0.0122
Exploits: 3

securityvulns
added 2013/12/09 12:0 a.m. | 29 views

Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability

Document Title: Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1111 | Release Date: 2013-10-16 | Vulnerability Laboratory ID (VL-ID): ...

AI score 7
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 52 views

Open-Xchange Security Advisory 2013-11-25

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 29648 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 6.22.4 and earlier Vulnerable component: frontend6 Fixed version: 6.22.3-rev5, 6.22.4-rev12...

AI score 0.3 | EPSS 0.01626
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 48 views

Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities

Document Title: Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1153 | Release Date: 2013-12-02 | Vulnerability Laboratory ID (VL-ID): ...

AI score 0.4
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 60 views

SQL Injection in Dokeos

Advisory ID: HTB23181 Product: Dokeos Vendor: Dokeos Vulnerable Versions: 2.2 RC2 and probably prior Tested Version: 2.2 RC2 Advisory Publication: October 30, 2013 without technical details Vendor Notification: October 30, 2013 Public Disclosure: November 27, 2013 Vulnerability Type: SQL Injectio...

CVSS 7.5 | AI score 8 | EPSS 0.02279
Exploits: 6

securityvulns
added 2013/12/09 12:0 a.m. | 59 views

Cross-Site Scripting (XSS) in Jamroom

Advisory ID: HTB23184 Product: Jamroom Vendor: Talldude Networks, LLC Vulnerable Versions: 5.0.2 and probably prior Tested Version: 5.0.2 Advisory Publication: November 13, 2013 without technical details Vendor Notification: November 13, 2013 Vendor Patch: November 13, 2013 Public Disclosure:...

CVSS 4.3 | AI score 6.3 | EPSS 0.01206
Exploits: 3

securityvulns
added 2013/12/09 12:0 a.m. | 38 views

Vulnerabilities hiddenly fixed in WordPress 3.6 and 3.6.1

Hello list! In July I wrote about one vulnerability in WordPress, which were hiddenly fixed in version 3.5.2 http://securityvulns.ru/docs29555.html. Here are new ones. These are hiddenly fixed vulnerabilities in such versions of WordPress as 3.6 and 3.6.1. Developers of WP intentionally haven't...

AI score 1.7
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 46 views

pineapp mailsecure remote no authenticated privilege escalation & remote execution code

Hi, related this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I send Pineapp the following information: ----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https...

AI score 0.7
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 38 views

XXE Injection in Spring Framework

Hello! I'll give you additional information concerning advisory XML External Entity XXE Injection in Spring Framework http://securityvulns.ru/docs29758.html. ------------------------- Affected products: ------------------------- - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM -...

AI score 1.1
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 67 views

Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563

Vulnerability Type: Cross-Site Scripting CVE: CVE-2013-5563 Products and affected versions: Cisco Security Monitoring, Analysis and Response System CS-MARS - All versions Vendor Website: http://www.cisco.com/en/US/products/ps6241/ Cisco Advisory: https://tools.cisco.com/bugsearch/bug/CSCul16173...

CVSS 4.3 | AI score 5.5 | EPSS 0.0096
Exploits: 2

securityvulns
added 2013/12/09 12:0 a.m. | 115 views

SQL Injection in appRain

Advisory ID: HTB23177 Product: appRain Vendor: appRain Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: October 9, 2013 without technical details Vendor Notification: October 9, 2013 Public Disclosure: November 6, 2013 Vulnerability Type: SQL Injection...

CVSS 7.5 | AI score 0.2 | EPSS 0.0248
Exploits: 7

securityvulns
added 2013/12/09 12:0 a.m. | 100 views

Mybb Ajaxfs Plugin Sql Injection vulnerability

a Sql Injection vulnerability In Mybb Ajaxfs Plugin Version 2.0...

AI score 1
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 59 views

Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability

Document Title: Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1105 | Video: http://www.vulnerability-lab.com/getcontent.php?id=1104 | Release Date: 2013-10-04...

AI score 0.3
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 40 views

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

Document Title: Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1140 | Release Date: 2013-11-20 | Vulnerability Laboratory ID (VL-ID): ...

AI score 0.3
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 67 views

[ MDVSA-2013:263 ] roundcubemail

Mandriva Linux Security Advisory MDVSA-2013:263 http://www.mandriva.com/en/support/security/ Package : roundcubemail Date : October 29, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered...

CVSS 7.5 | AI score 8.9 | EPSS 0.02873
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m. | 23 views

Print n Share v5.5 iOS - Multiple Web Vulnerabilities

Document Title: Print n Share v5.5 iOS - Multiple Web Vulnerabilities | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1154 | Release Date: 2013-12-06 | Vulnerability Laboratory ID (VL-ID): 1154...

Exploits: 0

Total number of security vulnerabilities: 47153