Lucene search

47153 matches found

securityvulns • added 2013/12/16 12:0 a.m. • 52 views

Microsoft Office security vulnerabilities

Information leakage on SharePoint files access, Microsoft Office Shared Component information leakage...

CVSS 4.3 • AI score 1.8 • EPSS 0.14803
Exploits: 0 • Affected Software: 1

securityvulns • added 2013/12/09 12:0 a.m. • 57 views

Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).

General info: ============= The bn multiprecision integer arithmetics part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes. Versions tested were between 0.9.8k and 1.0.1e. We were too lazcough busy to prepare the fancy table, sorry guys. Some PoC...

AI score 7
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 106 views

[PT-2013-63] Hash Length Extension in HTMLPurifier

----------------------------------------------------------- PT-2013-63 Positive Technologies Security Advisory Hash Length Extension in HTMLPurifier ----------------------------------------------------------- --- Vulnerable software HTMLPurifier Version: 4.5.0 and earlier Link:...

AI score 1
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 35 views

My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities

Document Title: =============== My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1107 Release Date: ============= 2013-10-09 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.1
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 95 views

[ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart

============================================= INTERNET SECURITY AUDITORS ALERT 2012-001 - Original release date: November 8th, 2012 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2013-3831...

CVSS 5.5 • AI score 0.1 • EPSS 0.00164
Exploits: 1

securityvulns • added 2013/12/09 12:0 a.m. • 60 views

[USN-2028-1] Apache XML Security for Java vulnerability

========================================================================== Ubuntu Security Notice USN-2028-1 November 12, 2013 libxml-security-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

CVSS 4.3 • AI score 0.5 • EPSS 0.03643
Exploits: 1

securityvulns • added 2013/12/09 12:0 a.m. • 113 views

SQL Injection in appRain

Advisory ID: HTB23177 Product: appRain Vendor: appRain Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: October 9, 2013 without technical details Vendor Notification: October 9, 2013 Public Disclosure: November 6, 2013 Vulnerability Type: SQL Injection...

CVSS 7.5 • AI score 0.2 • EPSS 0.02569
Exploits: 7

securityvulns • added 2013/12/09 12:0 a.m. • 118 views

Remote Code Execution in Microweber

Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...

CVSS 6.4 • AI score 0.3 • EPSS 0.01122
Exploits: 2

securityvulns • added 2013/12/09 12:0 a.m. • 40 views

Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities

Document Title: =============== Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1120 Release Date: ============= 2013-10-26 Vulnerability Laboratory ID VL-ID: ==================================...

AI score 0.8
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 47 views

Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities

Document Title: =============== Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1153 Release Date: ============= 2013-12-02 Vulnerability Laboratory ID VL-ID: ==================================...

AI score 0.4
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 56 views

Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability

Document Title: =============== Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1105 Video: http://www.vulnerability-lab.com/getcontent.php?id=1104 Release Date: ============= 2013-10-04...

AI score 0.3
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 35 views

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1140 Release Date: ============= 2013-11-20 Vulnerability Laboratory ID VL-ID: ==================================...

AI score 0.3
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 123 views

Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities

Document Title: =============== Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1117 Release Date: ============= 2013-10-18 Vulnerability Laboratory ID VL-ID:...

AI score 0.1
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 380 views

Opencart Multiple Vulnerabilities

Title: Opencart Multiple Vulnerabilities Vendor: http://www.opencart.com Vulnerabilities: Arbitrary File Upload, XSS, Path Disclosure Vulnerable Version: opencart 1.5.6 prior versions also may be affected Exploitation: Remote with browser Impact: High Vendor Supplied Patch: N/A Original Advisory...

Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 22 views

OpenSSL multiple security vulnerabilities

NULL pointer dereference, off-by-one buffer overflow, DoS...

AI score 2.7
Exploits: 0 • References: 1 • Affected Software: 1

securityvulns • added 2013/12/09 12:0 a.m. • 65 views

[ MDVSA-2013:263 ] roundcubemail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:263 http://www.mandriva.com/en/support/security/ Package : roundcubemail Date : October 29, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered...

CVSS 7.5 • AI score 8.9 • EPSS 0.01114
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 41 views

CVE-2013-4425: Private key disclosure, Osirix (lite, 64bit and FDA cleader version) (Medical Application)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Private key disclosure, Osirix lite, 64bit and FDA cleader version CVE-2013-4425 version 1.09 CVSS Score: 8.4 Background: =========== OsiriX is an image processing software dedicated to DICOM images files with a ".dcm" / ".DCM" extension produced by...

CVSS 1.9 • AI score 6.7 • EPSS 0.00056
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 64 views

Multiple Cross-Site Scripting (XSS) in Claroline

Advisory ID: HTB23179 Product: Claroline Vendor: Claroline Consortium Vulnerable Versions: 1.11.8 and probably prior Tested Version: 1.11.8 Advisory Publication: October 23, 2013 without technical details Vendor Notification: October 23, 2013 Vendor Patch: November 7, 2013 Public Disclosure:...

CVSS 4.3 • AI score 6.5 • EPSS 0.00515
Exploits: 3

securityvulns • added 2013/12/09 12:0 a.m. • 42 views

pixman integer overflow

No description provided...

CVSS 5 • AI score 3.6 • EPSS 0.02998
Exploits: 0 • References: 1 • Affected Software: 1

securityvulns • added 2013/12/09 12:0 a.m. • 71 views

[ MDVSA-2013:285 ] bugzilla

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:285 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : November 26, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities was found and corrected in bugzilla:...

CVSS 6.8 • AI score 6.3 • EPSS 0.00903
Exploits: 6

securityvulns • added 2013/12/09 12:0 a.m. • 35 views

GNU GIMP memory corruption

Memory corruption on XWD files parsing...

CVSS 6.8 • AI score 3.3 • EPSS 0.03438
Exploits: 0 • References: 1 • Affected Software: 1

securityvulns • added 2013/12/09 12:0 a.m. • 62 views

[USN-2051-1] GIMP vulnerability

========================================================================== Ubuntu Security Notice USN-2051-1 December 09, 2013 gimp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.8 • AI score 0.6 • EPSS 0.03438
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 38 views

OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability

Document Title: =============== OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1110 Release Date: ============= 2013-10-13 Vulnerability Laboratory ID VL-ID:...

Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 64 views

D-Link DIR-XXX remote root access exploit.

General info: ============= A lot have been already said about SOHO routers. Thus, without further ado another nail in the coffin. knock knock =========== -- cut !/bin/sh if -z "$1" ; then echo "d-link DIR-300 all, DIR-600 all, DIR-615 fw 4.0"; echo "exploited by AKAT-1,...

AI score 7.2
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 37 views

SKIDATA RFID Freemotion.Gate code execution

Code execution via TCP/7777 web interface...

AI score 3.8
Exploits: 0 • References: 1 • Affected Software: 1

securityvulns • added 2013/12/09 12:0 a.m. • 43 views

Vulnerabilities hiddenly fixed in WordPress 3.5 and 3.5.1

Hello list! Earlier I wrote about one vulnerability in WordPress, which were hiddenly fixed in version 3.5.2 http://seclists.org/fulldisclosure/2013/Jul/70 and about nine vulnerabilities in versions 3.6 and 3.6.1 http://seclists.org/fulldisclosure/2013/Nov/220. Here are new ones. These are hidden...

AI score 0.4
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 43 views

pineapp mailsecure remote no authenticated privilege escalation & remote execution code

Hi, related this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I send Pineapp the following information: ----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https...

AI score 0.7
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 66 views

[SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities

SOJOBO-ADV-13-04 - PHP-Nuke 8.2.4 multiple vulnerabilities I. Information ================== Name : PHP-Nuke 8.2.4 multiple vulnerabilities Software : PHP-Nuke 8.2.4 and possibly below. Vendor Homepage : http://www.phpnuke.org/ Vulnerability Type : File Inclusion and Reflected Cross-Site Scriptin...

AI score 7.2
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 125 views

SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution

Title: SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution Product: Freemotion.Gate Vendor: SKIDATA, http://www.skidata.com/en/ RTP|One, http://http://www.rtp.com/ Vulnerable Versions: 4.1.3.5 and likely all prior versions. Tested Version: 4.1.3.5 Original...

AI score 0.7
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 31 views

XXE Injection in Spring Framework

Hello! I'll give you additional information concerning advisory XML External Entity XXE Injection in Spring Framework http://securityvulns.ru/docs29758.html. ------------------------- Affected products: ------------------------- - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM -...

AI score 1.1
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 40 views

D-Link routers multiple security vulnerabilities

Shell characters injection, authentication bypass...

CVSS 9.3 • AI score 3.5 • EPSS 0.00141
Exploits: 0 • References: 5

securityvulns • added 2013/12/09 12:0 a.m. • 53 views

NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2013-0014 Synopsis: VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation Issue date: 2013-12-03 Updat...

CVSS 7.9 • AI score 6.4 • EPSS 0.0017
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 32 views

VMWare privilege escalation

Privilege escalation in the guest system via LGTOSYNC.SYS...

CVSS 7.9 • AI score 4.2 • EPSS 0.0017
Exploits: 0 • References: 1 • Affected Software: 4

securityvulns • added 2013/12/09 12:0 a.m. • 85 views

Vulnerability in Pydio/AjaXplorer <= 5.0.3

Vulnerability in Pydio/AjaXplorer = 5.0.3 ============ Background: Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer ============ Description of vulnerability There is an unrestricted upload capability, in one of the plugins that is...

CVSS 8.5 • AI score 0.6 • EPSS 0.19409
Exploits: 7

securityvulns • added 2013/12/09 12:0 a.m. • 45 views

Open-Xchange Security Advisory 2013-11-25

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 29648 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 6.22.4 and earlier Vulnerable component: frontend6 Fixed version: 6.22.3-rev5, 6.22.4-rev12...

AI score 0.3 • EPSS 0.00748
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 45 views

Cross-Site Scripting (XSS) in Jamroom

Advisory ID: HTB23184 Product: Jamroom Vendor: Talldude Networks, LLC Vulnerable Versions: 5.0.2 and probably prior Tested Version: 5.0.2 Advisory Publication: November 13, 2013 without technical details Vendor Notification: November 13, 2013 Vendor Patch: November 13, 2013 Public Disclosure:...

CVSS 4.3 • AI score 6.3 • EPSS 0.00285
Exploits: 3

securityvulns • added 2013/12/09 12:0 a.m. • 22 views

Print n Share v5.5 iOS - Multiple Web Vulnerabilities

Document Title: =============== Print n Share v5.5 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1154 Release Date: ============= 2013-12-06 Vulnerability Laboratory ID VL-ID: ==================================== 1154...

Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 60 views

Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563

Vulnerability Type: Cross-Site Scripting CVE: CVE-2013-5563 Products and affected versions: Cisco Security Monitoring, Analysis and Response System CS-MARS - All versions Vendor Website: http://www.cisco.com/en/US/products/ps6241/ Cisco Advisory: https://tools.cisco.com/bugsearch/bug/CSCul16173...

CVSS 4.3 • AI score 5.5 • EPSS 0.00225
Exploits: 2

securityvulns • added 2013/12/09 12:0 a.m. • 89 views

[SECURITY] [DSA 2811-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2811-1 [email protected] http://www.debian.org/security/ Michael Gilbert December 07, 2013 http://www.debian.org/security/faq -...

CVSS 7.5 • AI score 0.4 • EPSS 0.04074
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 110 views

Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability

Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.1
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 57 views

[USN-2047-1] pixman vulnerability

========================================================================== Ubuntu Security Notice USN-2047-1 December 03, 2013 pixman vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

AI score 0.3
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 27 views

Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability

Document Title: =============== Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1111 Release Date: ============= 2013-10-16 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 65 views

[SE-2012-01] Issue 69 details and IBM Java vulnerabilities

Hello All, The CPU released yesterday Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability Issue 69 that was reported to the company in July. Issue 69 allows to conduct a very classic attack against Java VM - the so called class spoofing attack. To quote the paper...

AI score 0.1
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 459 views

Belkin WiFi NetCam video stream backdoor with unchangeable admin/admin credentials

Product: Product NetCam WiFi Camera With Night Vision, purchased August 2013 Summary: Live video stream is accessible with user/password of admin/admin. The user/password combination admin/admin cannot be changed by the user. This "feature" is undocumented. To reproduce: 1. Connect webcam to...

AI score 0.3
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 103 views

ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities

ESA-2013-078.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...

CVSS 6.8 • AI score 7.4 • EPSS 0.00735
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 97 views

wordpress jigoshop Plugin path disclosure vulnerabilities

the following directories is vulnerable to path disclosure vulnerability in wordpress jigoshop Plugin 1.8 ...

AI score 0.5
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 66 views

[SECURITY] [DSA 2808-1] openjpeg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2808-1 [email protected] http://www.debian.org/security/ Raphael Geissert December 03, 2013 http://www.debian.org/security/faq -...

CVSS 7.5 • AI score 2.1 • EPSS 0.06225
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 94 views

XSS and CSRF Horde Groupware Web mail Edition

Exploit Title : XSS and CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/28/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can...

AI score 0.2 • EPSS 0.01954
Exploits: 5

securityvulns • added 2013/12/09 12:0 a.m. • 59 views

Apple iPhone / iPad multiple security vulnerabilities

Multiple vulnerabilities in different system components...

CVSS 9.3 • AI score 2.3 • EPSS 0.21099
Exploits: 12 • References: 3 • Affected Software: 2

securityvulns • added 2013/12/09 12:0 a.m. • 21 views

Osirix information leakage

Secret key is copied into file...

CVSS 1.9 • AI score 1.8 • EPSS 0.00056
Exploits: 0 • References: 1 • Affected Software: 1

Total number of security vulnerabilities: 47153