Lucene search

47153 matches found

securityvulns
•added 2013/09/09 12:0 a.m.•517 views

VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability

========================================================================================== VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability ==========================================================================================...

AI score: 0.1
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•81 views

Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities

The Wordpress videowhisper-live-streaming-integration Plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities Author : Iranian Exploit...

Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•100 views

VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free (MS13-059)

VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free MS13-059 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of th...

AI score: 7.3
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•38 views

XSS and CS vulnerabilities in aCMS

Hello 3APA3A! After previous Cross-Site Scripting, Content Spoofing, Information Leakage, Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS, here are new ones. These are Cross-Site Scripting and Content Spoofing vulnerabilities in aCMS. This is commercial CMS...

AI score: 0.6
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•67 views

CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...

AI score: 0.1
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•53 views

NGS00500 Technical Advisory: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE

======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren [email protected] Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better WP Security Plugin Version...

AI score: 6.4
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•65 views

Joomseller "Events Booking Pro" and "JSE Event" reflected XSS

---------------------------------------------------------------------------------------------- Joomseller "Events Booking Pro" and "JSE Event" reflected XSS ---------------------------------------------------------------------------------------------- + Software Link:...

Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•74 views

[USN-1939-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1939-1 September 06, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 6.9, AI score: 7.1, EPSS: 0.03209
Exploits: 1
securityvulns
•added 2013/09/09 12:0 a.m.•107 views

MojoPortal XSS

Class Stored Cross-Site Scripting Remote Yes Credit Michael Savage of Dionach [email protected] Vulnerable MojoPortal 2.3.9.7 MojoPortal is prone to a stored cross-site scripting vulnerability because it does not escape the titles of forum threads when inserting into the page title element. An...

AI score: 1
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•34 views

exactimage DoS

Few dcraw vulnerabilities...

CVSS: 4.3, AI score: 2, EPSS: 0.00512
Exploits: 0, References: 1, Affected Software: 1
securityvulns
•added 2013/09/09 12:0 a.m.•132 views

[SECURITY] [DSA 2740-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2740-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 23, 2013 http://www.debian.org/security/faq -...

AI score: 1.5
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•49 views

Sql Injection in "2easy Web Applications"

Hi! I have discovered a sql injection bug in "2easy Web Applications". vendor: http://www.2easy.gr/ bug in: readText.asp?textID= live examples: http://www.mroe.org/en/readText.asp?textID=223 http://www.ananeotiki.gr/el/readText.asp?textID=7078 http://www.vpg.nu/sv/readText.asp?textID=8 and so on...

AI score: 0.2
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•41 views

Vulnerabilities in Avaya IP Office Customer Call Reporter

Hello 3APA3A! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...

AI score: 0.2
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•38 views

Vulnerabilities in Avaya IP Office Customer Call Reporter

Hello 3APA3A! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...

AI score: 0.2
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•68 views

Multiple Vulnerabilities in BigTree CMS

Advisory ID: HTB23165 Product: BigTree CMS Vendor: BigTree CMS Vulnerable Versions: 4.0 RC2 and probably prior Tested Version: 4.0 RC2 Vendor Notification: July 17, 2013 Vendor Patch: July 17, 2013 Public Disclosure: August 7, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

CVSS: 7.5, AI score: 0.4, EPSS: 0.04522
Exploits: 8
securityvulns
•added 2013/09/09 12:0 a.m.•34 views

XSS and CS vulnerabilities in aCMS

Hello 3APA3A! After previous Cross-Site Scripting, Content Spoofing, Information Leakage, Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS, here are new ones. These are Cross-Site Scripting and Content Spoofing vulnerabilities in aCMS. This is commercial CMS...

AI score: 0.6
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•84 views

CakePHP AssetDispatcher Local File Inclusion Vulnerability

CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...

AI score: 0.2
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•58 views

[SECURITY] [DSA 2750-1] imagemagick security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2750-1 [email protected] http://www.debian.org/security/ Florian Weimer September 03, 2013 http://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 1.9, EPSS: 0.00943
Exploits: 1
securityvulns
•added 2013/09/09 12:0 a.m.•44 views

Usernoise 3.7.8 WP plugin cross-site scripting vulnerability

Details ============================= Application: Usernoise http://usernoise.karevn.com/ Version: 3.7.8 probably earlier versions as well Type: Wordpress plugin Developer: Nikolay Karev http://karevn.com/ - http://profiles.wordpress.org/karevn/ Vulnerability: Unauthorized persistent cross-site...

AI score: 6.7
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•113 views

Drupal Node View Permissions module and Flag module Vulnerabilities

The drupal security team has released the following security advisories. https://drupal.org/node/2076315 https://drupal.org/node/2076221 Regards, Daniel http://www.itsecuritycenter.com/...

AI score: 0.7
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•37 views

[ MDVSA-2013:225 ] libdigidoc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:225 http://www.mandriva.com/en/support/security/ Package : libdigidoc Date : September 2, 2013 Affected: Business Server 1.0 Problem Description: Updated libdigidoc packages fix security vulnerability: Fixed...

CVSS: 6.8, AI score: 6.4, EPSS: 0.006
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•62 views

Vulnerabilities in multiple plugins for WordPress with GDD FLVPlayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in multiple web applications with GDD FLVPlayer. Earlier I wrote about vulnerabilities in GDD FLVPlayer http://seclists.org/fulldisclosure/2013/Aug/247. This is video and audio player, which is used at thousands web...

AI score: 0.3
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•43 views

APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4 AirPort Base Station Firmware Update 7.6.4 is now available and addresses the following: Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00428
Exploits: 1
securityvulns
•added 2013/09/09 12:0 a.m.•42 views

XSS and CS vulnerability in Soltech.CMS

Hello 3APA3A! Earlier I wrote about SQL Injection vulnerability and these are new holes in Soltech.CMS. There are Cross-Site Scripting and Content Spoofing vulnerabilities in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are...

AI score: 8
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•35 views

RSA Archer GRC security vulnerabilities

Invalid login restrictions, open redirect...

CVSS: 6, AI score: 3.2, EPSS: 0.00224
Exploits: 0, References: 1, Affected Software: 1
securityvulns
•added 2013/09/09 12:0 a.m.•65 views

PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities

------------------------------------------------------------ PHPFox v3.6.0 build3 Multiple SQL Injection vulnerabilities ------------------------------------------------------------ == Description == - Software link: http://www.phpfox.com - Affected versions: version 3.6.0 build3 is vulnerable...

AI score: 8.4
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•78 views

[USN-1944-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1944-1 September 06, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 6.9, AI score: 0.1, EPSS: 0.00109
Exploits: 7
securityvulns
•added 2013/09/09 12:0 a.m.•68 views

[KIS-2013-06] vtiger CRM <= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities

-------------------------------------------------------------------------- vtiger CRM = 5.4.0 SOAP Services Multiple SQL Injection Vulnerabilities -------------------------------------------------------------------------- - Software Link: http://www.vtiger.com/ - Affected Versions: All versions...

CVSS: 7.5, AI score: 0.1, EPSS: 0.00363
Exploits: 6
securityvulns
•added 2013/09/09 12:0 a.m.•262 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 9.3, AI score: 1.6, EPSS: 0.94325
Exploits: 78, References: 59, Affected Software: 38
securityvulns
•added 2013/09/09 12:0 a.m.•67 views

[KIS-2013-07] vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability

-------------------------------------------------------------------------- vtiger CRM = 5.4.0 vtigerolservice.php PHP Code Injection Vulnerability -------------------------------------------------------------------------- - Software Link: http://www.vtiger.com/ - Affected Versions: All versions...

AI score: 0.3, EPSS: 0.8812
Exploits: 13
securityvulns
•added 2013/09/09 12:0 a.m.•48 views

XSS and FPD vulnerabilities in WPtouch and WPtouch Pro for WordPress

Hello 3APA3A! I want to inform you about vulnerabilities in WPtouch and WPtouch Pro plugins for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I wrote about Cross-Site Scripting...

AI score: 5.7
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•344 views

VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability

========================================================================================== VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability ==========================================================================================...

AI score: 0.1
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•28 views

CS and XSS vulnerabilities in GDD FLVPlayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in GDD FLVPlayer. ------------------------- Affected products: ------------------------- Vulnerable are GDD FLVPlayer v3.635 and previous versions. ------------------------- Affected vendors: -----------------------...

AI score: 0.1
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•61 views

VUPEN Security Research - Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013 / MS13-063)

Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass Pwn2Own 2013 / MS13-063 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft...

AI score: 0.5
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•93 views

[ MDVSA-2013:213 ] xymon

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:213 http://www.mandriva.com/en/support/security/ Package : xymon Date : August 13, 2013 Affected: Business Server 1.0 Problem Description: Updated xymon package fixes security vulnerability: A security...

CVSS: 5, AI score: 6.2, EPSS: 0.0071
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•46 views

Microsoft Internet Explorer multiple security vulnerabilities

Protection bypass, cross-site scripting, memory corruptions...

CVSS: 9.3, AI score: 1.8, EPSS: 0.78922
Exploits: 12, References: 2, Affected Software: 1
securityvulns
•added 2013/09/09 12:0 a.m.•43 views

SQL Injection vulnerability in Soltech.CMS

Hello 3APA3A! There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are Soltech.CMS v 0.4 and previous versions. ------------------------- Affected vendors: ------------------------- Soltech...

AI score: 0.9
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•70 views

Joomla core <= 3.1.5 reflected XSS vulnerability

============================================================ - Original release date: August 05, 2013 - Discovered by: Emilio Pinna Application Security Analyst at Abinsula - Contact: emilio dot pinn at gmail dot com - Severity: 4.3/10 Base CVSS Score...

AI score: 0.1
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•59 views

SQL Injection in Cotonti

Advisory ID: HTB23164 Product: Cotonti Vendor: Cotonti Team Vulnerable Versions: 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-4789...

CVSS: 7.5, AI score: 0.4, EPSS: 0.01022
Exploits: 5
securityvulns
•added 2013/09/09 12:0 a.m.•91 views

[PSA-2013-0903-1] Apple Safari Heap Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0903-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Apple...

CVSS: 5.1, AI score: 0.4, EPSS: 0.11812
Exploits: 3
securityvulns
•added 2013/09/09 12:0 a.m.•122 views

CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...

AI score: 0.1
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•34 views

RoundCube cross-site scripting

Multiple cross-site scripting vulnerabilities via message body...

CVSS: 4.3, AI score: 2.4, EPSS: 0.00305
Exploits: 2, References: 1, Affected Software: 1
securityvulns
•added 2013/09/09 12:0 a.m.•42 views

[ MDVSA-2013:220 ] lcms

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:220 http://www.mandriva.com/en/support/security/ Package : lcms Date : August 27, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated lcms packages fix security...

CVSS: 4.3, AI score: 6.9, EPSS: 0.02338
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•416 views

Struts2 Prefixed Parameters OGNL Injection Vulnerability

CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vendor: S2-016...

CVSS: 9.3, AI score: 0.6, EPSS: 0.94325
Exploits: 20
securityvulns
•added 2013/09/09 12:0 a.m.•56 views

Full Disclosure - Multiple vulnerabilities in five Zoom ADSL Modem/Routers

Five models of the Zoom Telephonics ADSL Modem/Router line suffer from multiple critical vulnerabilities, almost all being of a remote access attack vector. Models affected: Zoom X3 ADSL Modem/Router Zoom X4 ADSL Modem/Router Zoom X5 ADSL Modem/Router Zoom ADSL Bridge Modem Model 5715 1...

AI score: 0.4
Exploits: 5
securityvulns
•added 2013/09/09 12:0 a.m.•49 views

Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities

------------------------------------------------------------------------------------- Joomla comsectionex v2.5.96 SQL Injection vulnerabilities ------------------------------------------------------------------------------------- == Description == - Software link: http://stackideas.com/sectionex ...

AI score: 0.4
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•38 views

XSS and CS vulnerability in Soltech.CMS

Hello 3APA3A! Earlier I wrote about SQL Injection vulnerability and these are new holes in Soltech.CMS. There are Cross-Site Scripting and Content Spoofing vulnerabilities in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are...

AI score: 8
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•32 views

Insufficient Authorization vulnerability in Act

Hello 3APA3A! This is Insufficient Authorization vulnerability in Act. It is conference software on Perl. Besides Insufficient Authorization, there are a lot of other vulnerabilities in Act. ------------------------- Affected products: ------------------------- Vulnerable are all versions of Act...

AI score: 0.7
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•68 views

Joomla! redSHOP component v1.2 SQL Injection

-------------------------------------------- Joomla! redSHOP component v1.2 SQL Injection -------------------------------------------- == Description == - Product: Joomla! redSHOP component - Product link: http://redcomponent.com/redcomponent/redshop - Vendor: redcomponent - Affected versions:...

AI score: 0.9
Exploits: 0
securityvulns
•added 2013/09/09 12:0 a.m.•38 views

[RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities

Details ======================== Application: HMS Testimonials http://wordpress.org/plugins/hms-testimonials/ Version: 2.0.10 Type: Wordpress Plugin Vendor: Jeff Kreitner http://profiles.wordpress.org/kreitje/ Vulnerability: - Cross-Site Request Forgery CWE-352 - Cross-Site Scripting CWE-79...

AI score: 5.8
Exploits: 0
Total number of security vulnerabilities: 47153