47153 matches found

securityvulns | added 2013/09/09 12:0 a.m. | 51 views

Mikrotik RouterOS buffer overflow

ssh daemon buffer overflow...

AI score: 4 | Exploits: 0 | References: 1

securityvulns | added 2013/09/09 12:0 a.m. | 138 views

Path Traversal in DeWeS Web Server (Twilight CMS)

Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...

CVSS: 5 | EPSS: 0.22165 | Exploits: 5

securityvulns | added 2013/09/09 12:0 a.m. | 46 views

[ MDVSA-2013:206 ] owncloud

Mandriva Linux Security Advisory MDVSA-2013:206 http://www.mandriva.com/en/support/security/ Package: owncloud Date: August 5, 2013 Affected: Business Server 1.0 Problem Description: Updated owncloud package fixes security vulnerabilities: XSS...

AI score: 0.2 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 66 views

Trustport Webfilter Remote File Access Vulnerability

Trustport Webfilter Remote File Access Vulnerability. Affected Product: Product Name: Trustport Webfilter Product Version: 5.5.0.2232 Platform: Microsoft Windows. Product/Company Information: From...

AI score: 0.5 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 108 views

[ MDVSA-2013:203 ] phpmyadmin

Mandriva Linux Security Advisory MDVSA-2013:203 http://www.mandriva.com/en/support/security/ Package: phpmyadmin Date: July 30, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discover...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00374 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 82 views

SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)

SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598) - CVE: CVE-2013-2653 - CWE: CWE-598 - Deloitte Argentina Advisory Code: DTTAR-20130002 - Vendor Status: CONFIRMED - Vendor Disclosure Date: May, 8th, 2013. - Public Disclosure Date: August, 1st, 2013. - Vendors...

CVSS: 5.8 | AI score: 0.2 | EPSS: 0.05747 | Exploits: 2

securityvulns | added 2013/09/09 12:0 a.m. | 35 views

libmodplug security vulnerabilities

Few code execution possibilities...

CVSS: 6.8 | AI score: 2.9 | EPSS: 0.03846 | Exploits: 2 | References: 1 | Affected Software: 1

securityvulns | added 2013/09/09 12:0 a.m. | 60 views

[SECURITY] [DSA 2751-1] libmodplug security update

Debian Security Advisory DSA-2751-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 04, 2013 http://www.debian.org/security/faq -...

CVSS: 6.8 | AI score: 2.2 | EPSS: 0.03846 | Exploits: 2

securityvulns | added 2013/09/09 12:0 a.m. | 35 views

Apple AirPort DoS

Hang on invalid length packets processing...

CVSS: 5.4 | AI score: 1.6 | EPSS: 0.00428 | Exploits: 1 | References: 1

securityvulns | added 2013/09/09 12:0 a.m. | 28 views

Cisco WebEx applications multiple security vulnerabilities

Memory corruptions, buffer overflows...

CVSS: 9.3 | AI score: 2.9 | EPSS: 0.02585 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 129 views

CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability

Application Performance Guard Vendor CapaSystems Link http://www.capasystems.com/it-performance-monitorin Discovered by Kerem Kocaer kerem.kocaeratgmaildotcom Problem ------- Path traversal vulnerability in the "download logs" section allows remote attackers to read arbitrary files by interceptin...

CVSS: 5 | AI score: 1.3 | EPSS: 0.00529 | Exploits: 3

securityvulns | added 2013/09/09 12:0 a.m. | 77 views

[KIS-2013-05] vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities

vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities - Software Link: http://www.vtiger.com/ - Affected...

AI score: 0.3 | EPSS: 0.23052 | Exploits: 5

securityvulns | added 2013/09/09 12:0 a.m. | 141 views

[ MDVSA-2013:212 ] otrs

Mandriva Linux Security Advisory MDVSA-2013:212 http://www.mandriva.com/en/support/security/ Package: otrs Date: August 13, 2013 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerability: It was discovered...

AI score: 8.9 | EPSS: 0.00897 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 95 views

Multiple XSS Vulnerabilities in Jahia xCM

Advisory ID: HTB23159 Product: Jahia xCM Vendor: Jahia Solutions Group SA Vulnerable Versions: 6.6.1.0 r43343 and probably prior Tested Version: 6.6.1.0 r43343 Vendor Notification: June 5, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: Cross-Site Scripting...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.00909 | Exploits: 2

securityvulns | added 2013/09/09 12:0 a.m. | 49 views

Vulnerabilities in multiple web applications with GDD FLVPlayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in multiple web applications with GDD FLVPlayer. Earlier I've written about vulnerabilities in GDD FLVPlayer http://seclists.org/fulldisclosure/2013/Aug/247. This is video and audio player, which is used at thousands...

AI score: 1.4 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 21 views

libdigidoc unauthorized access

It's possible to overwrite any file...

CVSS: 6.8 | AI score: 3.4 | EPSS: 0.006 | Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2013/09/09 12:0 a.m. | 128 views

[SECURITY] [DSA 2747-1] cacti security update

Debian Security Advisory DSA-2747-1 [email protected] http://www.debian.org/security/ Florian Weimer August 31, 2013 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 1.5 | EPSS: 0.00417 | Exploits: 1

securityvulns | added 2013/09/09 12:0 a.m. | 32 views

Zoom routers multiple security vulnerabilities

Directory traversal, authentication bypass, information leakage...

AI score: 3 | Exploits: 5 | References: 1

securityvulns | added 2013/09/09 12:0 a.m. | 109 views

Cross-Site Scripting (XSS) in Twilight CMS

Advisory ID: HTB23166 Product: Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 5.17 and probably prior Tested Version: 5.17 Vendor Notification: July 24, 2013 Vendor Patch: August 15, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

CVSS: 4.3 | EPSS: 0.00359 | Exploits: 3

securityvulns | added 2013/09/09 12:0 a.m. | 101 views

ESA-2013-057: RSA Archer(r) GRC Multiple Vulnerabilities

ESA-2013-057.txt ESA-2013-057: RSA Archer® GRC Multiple Vulnerabilities EMC Identifier: ESA-2013-057 CVE Identifier: CVE-2013-3276, CVE-2013-3277 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: RSA Archer versio...

CVSS: 6 | AI score: 0.3 | EPSS: 0.00224 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 38 views

Wordpress post-gallery Plugin Xss vulnerabilities

The Wordpress post-gallery Plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress post-gallery Plugin Xss vulnerabilities Author : Iranian Exploit DataBase Discovered By : IeDb Email : [email protected]...

AI score: 0.6 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 145 views

Joomla! VirtueMart component <= 2.0.22a - SQL Injection

Joomla! VirtueMart component <= 2.0.22a - SQL Injection. Description: - Software link: http://www.virtuemart.net/ - Affected versions: All versions between 2.0.8 and 2.0.22...

AI score: 1.3 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 198 views

Struts2 Prefixed Parameters Open Redirect Vulnerability

CVE Number: CVE-2013-2248 Title: Struts2 Prefixed Parameters Open Redirect Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vender: S2-017...

CVSS: 5.8 | AI score: 0.3 | EPSS: 0.91954 | Exploits: 4

securityvulns | added 2013/09/09 12:0 a.m. | 54 views

[SECURITY] [DSA 2748-1] exactimage security update

Debian Security Advisory DSA-2748-1 [email protected] http://www.debian.org/security/ Florian Weimer September 01, 2013 http://www.debian.org/security/faq -...

CVSS: 4.3 | AI score: 1.7 | EPSS: 0.00512 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 75 views

[ MDVSA-2013:226 ] roundcubemail

Mandriva Linux Security Advisory MDVSA-2013:226 http://www.mandriva.com/en/support/security/ Package: roundcubemail Date: September 5, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been...

CVSS: 4.3 | AI score: 8 | EPSS: 0.00305 | Exploits: 2

securityvulns | added 2013/09/09 12:0 a.m. | 42 views

ImageMagick buffer overflow

Buffer overflow on GIF parsing...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00943 | Exploits: 1 | References: 1 | Affected Software: 1

securityvulns | added 2013/09/09 12:0 a.m. | 40 views

Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption

Hello lists, here you find the analysis of a vulnerability I recently discovered. Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/ Additionally it includes a way to drop into a...

AI score: 1.5 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 71 views

[KIS-2013-08] vtiger CRM <= 5.4.0 (SOAP Services) Authentication Bypass Vulnerability

vtiger CRM <= 5.4.0 (SOAP Services) Authentication Bypass Vulnerability - Software Link: http://www.vtiger.com/ - Affected Versions: All versions from 5.1.0...

AI score: 0.2 | EPSS: 0.73669 | Exploits: 8

securityvulns | added 2013/09/09 12:0 a.m. | 44 views

CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...

AI score: 0.1 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 61 views

WebKit / Apple Safari / Google Chrome security vulnerabilities

Race conditions, use-after-free...

CVSS: 10 | AI score: 2.1 | EPSS: 0.11812 | Exploits: 3 | References: 2 | Affected Software: 2

securityvulns | added 2013/09/09 12:0 a.m. | 71 views

ReviewBoard Vulnerabilities

ReviewBoard www.reviewboard.org aims to 'take the pain out of code review'. Integration with source control makes it imperative to maintain proper protections on this server. I have worked with the developers to resolve multiple XSS conditions and harden web server configurations. The XSS...

AI score: 0.6 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 59 views

Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability

Issued: August 6, 2013 Updated: August 7, 2013 Product: Apache CloudStack Vendor: The Apache Software Foundation Vulnerability Types: Cross-site scripting XSS Vulnerable versions: Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0 CVE References: CVE-2013-2136 Risk...

CVSS: 4.3 | AI score: 0.8 | EPSS: 0.06724 | Exploits: 1

securityvulns | added 2013/09/09 12:0 a.m. | 40 views

IndiaNIC Testimonial WP plugin - Multiple vulnerabilities

Details: Application: Testimonial Version: 2.2 Type: Wordpress plugin Vendor: IndiaNIC Vulnerability: - XSS CWE-79 - CSRF CWE-352 - SQL Injection CWE-89. Description: Testimonial Plugin allows you to add, delete, edit and place what others said about...

AI score: 0.2 | Exploits: 0

securityvulns | added 2013/09/09 12:0 a.m. | 61 views

Cross-Site Scripting (XSS) in BackWPup WordPress Plugin

Advisory ID: HTB23161 Product: BackWPup WordPress Plugin Vendor: Inpsyde GmbH Vulnerable Versions: 3.0.12 and probably prior Tested Version: 3.0.12 Vendor Notification: June 19, 2013 Vendor Patch: August 12, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 C...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.00498 | Exploits: 3

securityvulns | added 2013/09/09 12:0 a.m. | 255 views

CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework

Severity: Important Vendor: Spring by Pivotal Versions Affected: - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM - 4.0.0.M1-4.0.0.M2 Spring MVC - Earlier unsupported versions may also be affected Description: The Spring OXM wrapper did not expose any property for disabling entity...

CVSS: 6.8 | AI score: 0.2 | EPSS: 0.67951 | Exploits: 1

securityvulns | added 2013/08/28 12:0 a.m. | 113 views

[PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() Signed Integer Overflow

Packet Storm Advisory 2013-0819-1 http://packetstormsecurity.com/ Title: Oracle...

AI score: 1.5 | Exploits: 0

securityvulns | added 2013/08/28 12:0 a.m. | 57 views

PHP / python certificate spoofing

Subject Alternative Name 0 invalid handling...

CVSS: 6.8 | AI score: 1 | EPSS: 0.09892 | Exploits: 5 | References: 2

securityvulns | added 2013/08/28 12:0 a.m. | 40 views

FreeBSD Security Advisory FreeBSD-SA-13:09.ip_multicast

FreeBSD-SA-13:09.ip_multicast Security Advisory The FreeBSD Project Topic: integer overflow in IPMSFILTER Category: core Module: kernel Announced: 2013-08-22 Credits: Clement Lecigne Google Security Team Affects: All supported versions of FreeBSD...

CVSS: 7.2 | AI score: 6.4 | EPSS: 0.00048 | Exploits: 0

securityvulns | added 2013/08/28 12:0 a.m. | 31 views

perl-Proc-ProcessTable symbolic links vulnerabilities

Symbolic links vulnerabilities on /tmp/TTYDEVS processing...

CVSS: 2.6 | AI score: 1.8 | EPSS: 0.00047 | Exploits: 0 | References: 1

securityvulns | added 2013/08/28 12:0 a.m. | 48 views

Chromium / Google Chrome multiple security vulnerabilities

Multiple memory corruptions, integer overflows, information leaks...

CVSS: 7.5 | AI score: 3.1 | EPSS: 0.01382 | Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2013/08/28 12:0 a.m. | 117 views

[ MDVSA-2013:216 ] perl-Proc-ProcessTable

Mandriva Linux Security Advisory MDVSA-2013:216 http://www.mandriva.com/en/support/security/ Package: perl-Proc-ProcessTable Date: August 23, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated perl-Proc-ProcessTab...

CVSS: 2.6 | AI score: 5.7 | EPSS: 0.00047 | Exploits: 0

securityvulns | added 2013/08/28 12:0 a.m. | 74 views

[ MDVSA-2013:214 ] python

Mandriva Linux Security Advisory MDVSA-2013:214 http://www.mandriva.com/en/support/security/ Package: python Date: August 21, 2013 Affected: Business Server 1.0 Problem Description: Updated python packages fix security vulnerability: Ryan Sleevi of...

AI score: 6.1 | Exploits: 1

securityvulns | added 2013/08/28 12:0 a.m. | 112 views

Oracle Java multiple security vulnerabilities

40 different vulnerabilities...

CVSS: 10 | AI score: 2.4 | EPSS: 0.9322 | Exploits: 32 | References: 4 | Affected Software: 2

securityvulns | added 2013/08/28 12:0 a.m. | 136 views

[PSA-2013-0813-1] Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow

Packet Storm Advisory 2013-0813-1 http://packetstormsecurity.com/ Title: Oracle...

AI score: 1.5 | Exploits: 0

securityvulns | added 2013/08/28 12:0 a.m. | 24 views

FreeBSD ip_multicast integer overflow

Integer overflow on buffer size calculation in IPMSFILTER...

CVSS: 7.2 | AI score: 3.7 | EPSS: 0.00048 | Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2013/08/28 12:0 a.m. | 59 views

Samba DoS

Memory exhaustion on malformed nttrans request processing...

CVSS: 5 | AI score: 2.6 | EPSS: 0.83531 | Exploits: 7 | References: 2 | Affected Software: 1

securityvulns | added 2013/08/28 12:0 a.m. | 49 views

[ MDVSA-2013:217 ] spice

Mandriva Linux Security Advisory MDVSA-2013:217 http://www.mandriva.com/en/support/security/ Package: spice Date: August 23, 2013 Affected: Business Server 1.0 Problem Description: Updated spice packages fix security vulnerability: A user able to...

CVSS: 5 | AI score: 5.9 | EPSS: 0.01006 | Exploits: 0

securityvulns | added 2013/08/28 12:0 a.m. | 30 views

FreeBSD information leakage

Kernel memory content leakage via SCTP sockets...

CVSS: 7.8 | AI score: 2.3 | EPSS: 0.00626 | Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2013/08/28 12:0 a.m. | 66 views

FreeBSD Security Advisory FreeBSD-SA-13:10.sctp

FreeBSD-SA-13:10.sctp Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in sctp4 Category: core Module: sctp Announced: 2013-08-22 Credits: Julian Seward...

CVSS: 7.8 | AI score: 9.2 | EPSS: 0.00626 | Exploits: 0

securityvulns | added 2013/08/28 12:0 a.m. | 79 views

libtiff multiple security vulnerabilities

Vulnerabilities in different utilities...

CVSS: 6.8 | AI score: 2.6 | EPSS: 0.18385 | Exploits: 0 | References: 3 | Affected Software: 1

Total number of security vulnerabilities: 47153