
47153 matches found

securityvulns | added 2013/09/09 12:00 a.m. | 260 views

CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework

Severity: Important Vendor: Spring by Pivotal Versions Affected: - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM - 4.0.0.M1-4.0.0.M2 Spring MVC - Earlier unsupported versions may also be affected Description: The Spring OXM wrapper did not expose any property for disabling entity...

CVSS 6.8 | AI score 0.2 | EPSS 0.26467 | Exploits 1

securityvulns | added 2013/09/09 12:00 a.m. | 104 views

ESA-2013-057: RSA Archer(r) GRC Multiple Vulnerabilities

ESA-2013-057.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-057: RSA Archer® GRC Multiple Vulnerabilities EMC Identifier: ESA-2013-057 CVE Identifier: CVE-2013-3276, CVE-2013-3277 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: RSA Archer versio...

CVSS 6 | AI score 0.3 | EPSS 0.01057 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 70 views

Trustport Webfilter Remote File Access Vulnerability

Trustport Webfilter Remote File Access Vulnerability ==================================================== Affected Product ---------------- Product Name: Trustport Webfilter Product Version: 5.5.0.2232 Platform: Microsoft Windows Product/Company Information --------------------------- From...

AI score 0.5 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 111 views

[ MDVSA-2013:203 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:203 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : July 30, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discover...

CVSS 6.5 | AI score 6.8 | EPSS 0.01832 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 89 views

Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities

The Wordpress videowhisper-live-streaming-integration Plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities Author : Iranian Exploit...

Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 201 views

Struts2 Prefixed Parameters Open Redirect Vulnerability

CVE Number: CVE-2013-2248 Title: Struts2 Prefixed Parameters Open Redirect Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vendor: S2-017...

CVSS 5.8 | AI score 0.3 | EPSS 0.94654 | Exploits 4

securityvulns | added 2013/09/09 12:00 a.m. | 420 views

Struts2 Prefixed Parameters OGNL Injection Vulnerability

CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vendor: S2-016...

CVSS 9.3 | AI score 0.6 | EPSS 0.99998 | Exploits 20

securityvulns | added 2013/09/09 12:00 a.m. | 60 views

[SECURITY] [DSA 2750-1] imagemagick security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2750-1 [email protected] http://www.debian.org/security/ Florian Weimer September 03, 2013 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 1.9 | EPSS 0.04688 | Exploits 1

securityvulns | added 2013/09/09 12:00 a.m. | 43 views

ImageMagick buffer overflow

Buffer overflow on GIF parsing...

CVSS 4.3 | AI score 5.4 | EPSS 0.04688 | Exploits 1 | References 1 | Affected Software 1

securityvulns | added 2013/09/09 12:00 a.m. | 63 views

VUPEN Security Research - Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013 / MS13-063)

Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass Pwn2Own 2013 / MS13-063 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft...

AI score 0.5 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 116 views

Drupal Node View Permissions module and Flag module Vulnerabilities

The drupal security team has released the following security advisories. https://drupal.org/node/2076315 https://drupal.org/node/2076221 Regards, Daniel http://www.itsecuritycenter.com/...

AI score 0.7 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 60 views

NGS00500 Technical Advisory: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE

======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren [email protected] Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better WP Security Plugin Version...

AI score 6.4 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 21 views

libdigidoc unauthorized access

It's possible to overwrite any file...

CVSS 6.8 | AI score 3.4 | EPSS 0.02053 | Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2013/09/09 12:00 a.m. | 84 views

SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)

SilverStripe(R) Information Exposure Through Query Strings in GET Request CWE-598 - CVE: CVE-2013-2653 - CWE: CWE-598 - Deloitte Argentina Advisory Code: DTTAR-20130002 - Vendor Status: CONFIRMED - Vendor Disclosure Date: May, 8th, 2013. - Public Disclosure Date: August, 1st, 2013. - Vendors...

CVSS 5.8 | AI score 0.2 | EPSS 0.04071 | Exploits 2

securityvulns | added 2013/09/09 12:00 a.m. | 53 views

APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4 AirPort Base Station Firmware Update 7.6.4 is now available and addresses the following: Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with...

CVSS 5.4 | AI score 5.8 | EPSS 0.0107 | Exploits 1

securityvulns | added 2013/09/09 12:00 a.m. | 70 views

Multiple Vulnerabilities in BigTree CMS

Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

CVSS 7.5 | AI score 0.4 | EPSS 0.03295 | Exploits 8

securityvulns | added 2013/09/09 12:00 a.m. | 143 views

Path Traversal in DeWeS Web Server (Twilight CMS)

Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...

CVSS 5 | EPSS 0.04111 | Exploits 5

securityvulns | added 2013/09/09 12:00 a.m. | 77 views

[ MDVSA-2013:226 ] roundcubemail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:226 http://www.mandriva.com/en/support/security/ Package : roundcubemail Date : September 5, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been...

CVSS 4.3 | AI score 8 | EPSS 0.0188 | Exploits 2

securityvulns | added 2013/09/09 12:00 a.m. | 53 views

Sql Injection in "2easy Web Applications"

Hi! I have discovered a sql injection bug in "2easy Web Applications". vendor: http://www.2easy.gr/ bug in: readText.asp?textID= live examples: http://www.mroe.org/en/readText.asp?textID=223 http://www.ananeotiki.gr/el/readText.asp?textID=7078 http://www.vpg.nu/sv/readText.asp?textID=8 and so on...

AI score 0.2 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 36 views

Apple AirPort DoS

Hang on invalid length packets processing...

CVSS 5.4 | AI score 1.6 | EPSS 0.0107 | Exploits 1 | References 1

securityvulns | added 2013/09/09 12:00 a.m. | 44 views

XSS and CS vulnerabilities in aCMS

Hello 3APA3A! After previous Cross-Site Scripting, Content Spoofing, Information Leakage, Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS, here are new ones. These are Cross-Site Scripting and Content Spoofing vulnerabilities in aCMS. This is commercial CMS...

AI score 0.6 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 127 views

CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is a commercial plugin for TinyMCE. It concerns MCImageManager itself as well as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...

AI score 0.1 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 352 views

VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability

========================================================================================== VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability ==========================================================================================...

AI score 0.1 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 60 views

SQL Injection in Cotonti

Advisory ID: HTB23164 Product: Cotonti Vendor: Cotonti Team Vulnerable Versions: 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-4789...

CVSS 7.5 | AI score 0.4 | EPSS 0.02624 | Exploits 5

securityvulns | added 2013/09/09 12:00 a.m. | 77 views

[USN-1939-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1939-1 September 06, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.9 | AI score 7.1 | EPSS 0.04707 | Exploits 1

securityvulns | added 2013/09/09 12:00 a.m. | 73 views

ReviewBoard Vulnerabilities

ReviewBoard www.reviewboard.org aims to 'take the pain out of code review'. Integration with source control makes it imperative to maintain proper protections on this server. I have worked with the developers to resolve multiple XSS conditions and harden web server configurations. The XSS...

AI score 0.6 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 47 views

Usernoise 3.7.8 WP plugin cross-site scripting vulnerability

Details ============================= Application: Usernoise http://usernoise.karevn.com/ Version: 3.7.8 probably earlier versions as well Type: Wordpress plugin Developer: Nikolay Karev http://karevn.com/ - http://profiles.wordpress.org/karevn/ Vulnerability: Unauthorized persistent cross-site...

AI score 6.7 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 61 views

Vulnerabilities in multiple web applications with GDD FLVPlayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in multiple web applications with GDD FLVPlayer. Earlier I wrote about vulnerabilities in GDD FLVPlayer http://seclists.org/fulldisclosure/2013/Aug/247. This is a video and audio player, which is used at thousands...

AI score 1.4 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 47 views

Vulnerabilities in Avaya IP Office Customer Call Reporter

Hello 3APA3A! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...

AI score 0.2 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 130 views

Cross-Site Scripting (XSS) in Twilight CMS

Advisory ID: HTB23166 Product: Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 5.17 and probably prior Tested Version: 5.17 Vendor Notification: July 24, 2013 Vendor Patch: August 15, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

CVSS 4.3 | EPSS 0.01193 | Exploits 3

securityvulns | added 2013/09/09 12:00 a.m. | 75 views

CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is a commercial plugin for TinyMCE. It concerns MCImageManager itself as well as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...

AI score 0.1 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 104 views

VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free (MS13-059)

VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free MS13-059 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of th...

AI score 7.3 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 74 views

[KIS-2013-08] vtiger CRM <= 5.4.0 (SOAP Services) Authentication Bypass Vulnerability

----------------------------------------------------------------------- vtiger CRM <= 5.4.0 SOAP Services Authentication Bypass Vulnerability ----------------------------------------------------------------------- - Software Link: http://www.vtiger.com/ - Affected Versions: All versions from 5.1.0...

AI score 0.2 | EPSS 0.68849 | Exploits 8

securityvulns | added 2013/09/09 12:00 a.m. | 65 views

[SECURITY] [DSA 2751-1] libmodplug security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2751-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 04, 2013 http://www.debian.org/security/faq -...

CVSS 6.8 | AI score 2.2 | EPSS 0.04352 | Exploits 2

securityvulns | added 2013/09/09 12:00 a.m. | 37 views

libmodplug security vulnerabilities

Few code execution possibilities...

CVSS 6.8 | AI score 2.9 | EPSS 0.04352 | Exploits 2 | References 1 | Affected Software 1

securityvulns | added 2013/09/09 12:00 a.m. | 59 views

Full Disclosure - Multiple vulnerabilities in five Zoom ADSL Modem/Routers

Five models of the Zoom Telephonics ADSL Modem/Router line suffer from multiple critical vulnerabilities, almost all being of a remote access attack vector. Models affected: Zoom X3 ADSL Modem/Router Zoom X4 ADSL Modem/Router Zoom X5 ADSL Modem/Router Zoom ADSL Bridge Modem Model 5715 1...

AI score 0.4 | Exploits 5

securityvulns | added 2013/09/09 12:00 a.m. | 49 views

SQL Injection vulnerability in Soltech.CMS

Hello 3APA3A! There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are Soltech.CMS v 0.4 and previous versions. ------------------------- Affected vendors: ------------------------- Soltech...

AI score 0.9 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 67 views

Joomseller "Events Booking Pro" and "JSE Event" reflected XSS

---------------------------------------------------------------------------------------------- Joomseller "Events Booking Pro" and "JSE Event" reflected XSS ---------------------------------------------------------------------------------------------- + Software Link:...

Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 108 views

MojoPortal XSS

Class Stored Cross-Site Scripting Remote Yes Credit Michael Savage of Dionach [email protected] Vulnerable MojoPortal 2.3.9.7 MojoPortal is prone to a stored cross-site scripting vulnerability because it does not escape the titles of forum threads when inserting into the page title element. An...

AI score 1 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 147 views

Joomla! VirtueMart component <= 2.0.22a - SQL Injection

------------------------------------------------------------ Joomla! VirtueMart component <= 2.0.22a - SQL Injection ------------------------------------------------------------ == Description == - Software link: http://www.virtuemart.net/ - Affected versions: All versions between 2.0.8 and 2.0.22...

AI score 1.3 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 74 views

Joomla! redSHOP component v1.2 SQL Injection

-------------------------------------------- Joomla! redSHOP component v1.2 SQL Injection -------------------------------------------- == Description == - Product: Joomla! redSHOP component - Product link: http://redcomponent.com/redcomponent/redshop - Vendor: redcomponent - Affected versions:...

AI score 0.9 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 32 views

CS and XSS vulnerabilities in GDD FLVPlayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in GDD FLVPlayer. ------------------------- Affected products: ------------------------- Vulnerable are GDD FLVPlayer v3.635 and previous versions. ------------------------- Affected vendors: -----------------------...

AI score 0.1 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 67 views

Vulnerabilities in multiple plugins for WordPress with GDD FLVPlayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in multiple web applications with GDD FLVPlayer. Earlier I wrote about vulnerabilities in GDD FLVPlayer http://seclists.org/fulldisclosure/2013/Aug/247. This is a video and audio player, which is used at thousands of web...

AI score 0.3 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 33 views

Zoom routers multiple security vulnerabilities

Directory traversal, authentication bypass, information leakage...

AI score 3 | Exploits 5 | References 1

securityvulns | added 2013/09/09 12:00 a.m. | 62 views

WebKit / Apple Safari / Google Chrome security vulnerabilities

Race conditions, use-after-free...

CVSS 10 | AI score 2.1 | EPSS 0.14415 | Exploits 3 | References 2 | Affected Software 2

securityvulns | added 2013/09/09 12:00 a.m. | 31 views

Cisco WebEx applications multiple security vulnerabilities

Memory corruptions, buffer overflows...

CVSS 9.3 | AI score 2.9 | EPSS 0.03189 | Exploits 0

securityvulns | added 2013/09/09 12:00 a.m. | 66 views

Cross-Site Scripting (XSS) in BackWPup WordPress Plugin

Advisory ID: HTB23161 Product: BackWPup WordPress Plugin Vendor: Inpsyde GmbH Vulnerable Versions: 3.0.12 and probably prior Tested Version: 3.0.12 Vendor Notification: June 19, 2013 Vendor Patch: August 12, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 C...

CVSS 4.3 | AI score 5.5 | EPSS 0.02058 | Exploits 3

securityvulns | added 2013/09/09 12:00 a.m. | 70 views

[KIS-2013-07] vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability

-------------------------------------------------------------------------- vtiger CRM <= 5.4.0 vtigerolservice.php PHP Code Injection Vulnerability -------------------------------------------------------------------------- - Software Link: http://www.vtiger.com/ - Affected Versions: All versions...

AI score 0.3 | EPSS 0.84535 | Exploits 13

securityvulns | added 2013/09/09 12:00 a.m. | 35 views

RoundCube cross-site scripting

Multiple cross-site scripting vulnerabilities via message body...

CVSS 4.3 | AI score 2.4 | EPSS 0.0188 | Exploits 2 | References 1 | Affected Software 1

securityvulns | added 2013/09/09 12:00 a.m. | 134 views

[SECURITY] [DSA 2740-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2740-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 23, 2013 http://www.debian.org/security/faq -...

AI score 1.5 | Exploits 0

Total number of security vulnerabilities: 47153