
47153 matches found

securityvulns
• added 2013/09/09 12:0 a.m. • 51 views

XSS and FPD vulnerabilities in WPtouch and WPtouch Pro for WordPress

Hello 3APA3A! I want to inform you about vulnerabilities in WPtouch and WPtouch Pro plugins for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I wrote about Cross-Site Scripting...

AI score: 5.7
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 83 views

[USN-1944-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1944-1 September 06, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 6.9, AI score: 0.1, EPSS: 0.01013
Exploits: 7

securityvulns
• added 2013/09/09 12:0 a.m. • 56 views

Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities

------------------------------------------------------------------------------------- Joomla comsectionex v2.5.96 SQL Injection vulnerabilities ------------------------------------------------------------------------------------- == Description == - Software link: http://stackideas.com/sectionex ...

AI score: 0.4
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 526 views

VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability

========================================================================================== VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability ==========================================================================================...

AI score: 0.1
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 44 views

IndiaNIC Testimonail WP plugin - Multiple vulnerabilities

Details ======================== Application: Testimonial Version: 2.2 Type: Wordpress plugin Vendor: IndiaNIC Vulnerability: - XSS CWE-79 - CSRF CWE-352 - SQL Injection CWE-89 Description ======================== Testimonial Plugin allows you to add, delete, edit and place what others said about...

AI score: 0.2
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 87 views

CakePHP AssetDispatcher Local File Inclusion Vulnerability

CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...

AI score: 0.2
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 48 views

XSS and CS vulnerabilities in aCMS

Hello 3APA3A! After previous Cross-Site Scripting, Content Spoofing, Information Leakage, Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS, here are new ones. These are Cross-Site Scripting and Content Spoofing vulnerabilities in aCMS. This is commercial CMS...

AI score: 0.6
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 72 views

PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities

------------------------------------------------------------ PHPFox v3.6.0 build3 Multiple SQL Injection vulnerabilities ------------------------------------------------------------ == Description == - Software link: http://www.phpfox.com - Affected versions: version 3.6.0 build3 is vulnerable...

AI score: 8.4
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 44 views

Vulnerabilities in Avaya IP Office Customer Call Reporter

Hello 3APA3A! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...

AI score: 0.2
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 39 views

[ MDVSA-2013:225 ] libdigidoc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:225 http://www.mandriva.com/en/support/security/ Package : libdigidoc Date : September 2, 2013 Affected: Business Server 1.0 Problem Description: Updated libdigidoc packages fix security vulnerability: Fixed...

CVSS: 6.8, AI score: 6.4, EPSS: 0.02053
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 131 views

CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability

Application Performance Guard Vendor CapaSystems Link http://www.capasystems.com/it-performance-monitorin Discovered by Kerem Kocaer kerem.kocaeratgmaildotcom Problem ------- Path traversal vulnerability in the "download logs" section allows remote attackers to read arbitrary files by interceptin...

CVSS: 5, AI score: 1.3, EPSS: 0.01899
Exploits: 3

securityvulns
• added 2013/09/09 12:0 a.m. • 43 views

Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption

Hello lists, here you find the analysis of a vulnerability I recently discovered. Mikrotik RouterOS 5. and 6. sshd remote preauth heap corruption http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/ Additionally it includes a way to drop into a...

AI score: 1.5
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 73 views

[KIS-2013-06] vtiger CRM <= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities

-------------------------------------------------------------------------- vtiger CRM = 5.4.0 SOAP Services Multiple SQL Injection Vulnerabilities -------------------------------------------------------------------------- - Software Link: http://www.vtiger.com/ - Affected Versions: All versions...

CVSS: 7.5, AI score: 0.1, EPSS: 0.03207
Exploits: 6

securityvulns
• added 2013/09/09 12:0 a.m. • 43 views

Wordpress post-gallery Plugin Xss vulnerabilities

The Wordpress post-gallery Plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress post-gallery Plugin Xss vulnerabilities Author : Iranian Exploit DataBase Discovered By : IeDb Email : [email protected]...

AI score: 0.6
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 103 views

Multiple XSS Vulnerabilities in Jahia xCM

Advisory ID: HTB23159 Product: Jahia xCM Vendor: Jahia Solutions Group SA Vulnerable Versions: 6.6.1.0 r43343 and probably prior Tested Version: 6.6.1.0 r43343 Vendor Notification: June 5, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: Cross-Site Scripting...

CVSS: 4.3, AI score: 0.9, EPSS: 0.0144
Exploits: 2

securityvulns
• added 2013/09/09 12:0 a.m. • 34 views

Insufficient Authorization vulnerability in Act

Hello 3APA3A! This is Insufficient Authorization vulnerability in Act. It is conference software on Perl. Besides Insufficient Authorization, there are a lot of other vulnerabilities in Act. ------------------------- Affected products: ------------------------- Vulnerable are all versions of Act...

AI score: 0.7
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 45 views

[ MDVSA-2013:220 ] lcms

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:220 http://www.mandriva.com/en/support/security/ Package : lcms Date : August 27, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated lcms packages fix security...

CVSS: 4.3, AI score: 6.9, EPSS: 0.03502
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 63 views

Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity

Issued: August 6, 2013 Updated: August 7, 2013 Product: Apache CloudStack Vendor: The Apache Software Foundation Vulnerability Types: Cross-site scripting XSS Vulnerable versions: Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0 CVE References: CVE-2013-2136 Risk...

CVSS: 4.3, AI score: 0.8, EPSS: 0.04051
Exploits: 1

securityvulns
• added 2013/09/09 12:0 a.m. • 145 views

[ MDVSA-2013:212 ] otrs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:212 http://www.mandriva.com/en/support/security/ Package : otrs Date : August 13, 2013 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerability: It was discovered...

AI score: 8.9, EPSS: 0.01322
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 201 views

Struts2 Prefixed Parameters Open Redirect Vulnerability

CVE Number: CVE-2013-2248 Title: Struts2 Prefixed Parameters Open Redirect Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vender: S2-017...

CVSS: 5.8, AI score: 0.3, EPSS: 0.94654
Exploits: 4

securityvulns
• added 2013/09/09 12:0 a.m. • 56 views

[SECURITY] [DSA 2748-1] exactimage security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2748-1 [email protected] http://www.debian.org/security/ Florian Weimer September 01, 2013 http://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 1.7, EPSS: 0.02059
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 95 views

[ MDVSA-2013:213 ] xymon

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:213 http://www.mandriva.com/en/support/security/ Package : xymon Date : August 13, 2013 Affected: Business Server 1.0 Problem Description: Updated xymon package fixes security vulnerability: A security...

CVSS: 5, AI score: 6.2, EPSS: 0.02829
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 131 views

[SECURITY] [DSA 2747-1] cacti security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2747-1 [email protected] http://www.debian.org/security/ Florian Weimer August 31, 2013 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 1.5, EPSS: 0.01988
Exploits: 1

securityvulns
• added 2013/09/09 12:0 a.m. • 420 views

Struts2 Prefixed Parameters OGNL Injection Vulnerability

CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vender: S2-016...

CVSS: 9.3, AI score: 0.6, EPSS: 0.99998
Exploits: 20

securityvulns
• added 2013/09/09 12:0 a.m. • 264 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

CVSS: 9.3, AI score: 1.6, EPSS: 0.99998
Exploits: 78, References: 59, Affected Software: 38

securityvulns
• added 2013/09/09 12:0 a.m. • 36 views

exactimage DoS

Few dcraw vulnerabilities...

CVSS: 4.3, AI score: 2, EPSS: 0.02059
Exploits: 0, References: 1, Affected Software: 1

securityvulns
• added 2013/09/09 12:0 a.m. • 68 views

Joomseller "Events Booking Pro" and "JSE Event" reflected XSS

---------------------------------------------------------------------------------------------- Joomseller "Events Booking Pro" and "JSE Event" reflected XSS ---------------------------------------------------------------------------------------------- + Software Link:...

Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 61 views

SQL Injection in Cotonti

Advisory ID: HTB23164 Product: Cotonti Vendor: Cotonti Team Vulnerable Versions: 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-4789...

CVSS: 7.5, AI score: 0.4, EPSS: 0.02624
Exploits: 5

securityvulns
• added 2013/09/09 12:0 a.m. • 68 views

Vulnerabilities in multiple plugins for WordPress with GDD FLVPlayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in multiple web applications with GDD FLVPlayer. Earlier I wrote about vulnerabilities in GDD FLVPlayer http://seclists.org/fulldisclosure/2013/Aug/247. This is video and audio player, which is used at thousands web...

AI score: 0.3
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 75 views

Joomla! redSHOP component v1.2 SQL Injection

-------------------------------------------- Joomla! redSHOP component v1.2 SQL Injection -------------------------------------------- == Description == - Product: Joomla! redSHOP component - Product link: http://redcomponent.com/redcomponent/redshop - Vendor: redcomponent - Affected versions:...

AI score: 0.9
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 74 views

ReviewBoard Vulnerabilities

ReviewBoard www.reviewboard.org aims to 'take the pain out of code review'. Integration with source control makes it imperative to maintain proper protections on this server. I have worked with the developers to resolve multiple XSS conditions and harden web server configurations. The XSS...

AI score: 0.6
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 33 views

CS and XSS vulnerabilities in GDD FLVPlayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in GDD FLVPlayer. ------------------------- Affected products: ------------------------- Vulnerable are GDD FLVPlayer v3.635 and previous versions. ------------------------- Affected vendors: -----------------------...

AI score: 0.1
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 76 views

CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...

AI score: 0.1
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 50 views

SQL Injection vulnerability in Soltech.CMS

Hello 3APA3A! There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are Soltech.CMS v 0.4 and previous versions. ------------------------- Affected vendors: ------------------------- Soltech...

AI score: 0.9
Exploits: 0

securityvulns
• added 2013/09/09 12:0 a.m. • 78 views

[USN-1939-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1939-1 September 06, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 6.9, AI score: 7.1, EPSS: 0.04707
Exploits: 1

securityvulns
• added 2013/08/28 12:0 a.m. • 32 views

FreeBSD information leakage

Kernel memory content leakage via SCTP sockets...

CVSS: 7.8, AI score: 2.3, EPSS: 0.02511
Exploits: 0, References: 1, Affected Software: 1

securityvulns
• added 2013/08/28 12:0 a.m. • 80 views

libtiff multiple security vulnerabilities

Vulnerabilities in different utilities...

CVSS: 6.8, AI score: 2.6, EPSS: 0.07399
Exploits: 0, References: 3, Affected Software: 1

securityvulns
• added 2013/08/28 12:0 a.m. • 56 views

NEW VMSA-2013-0010 VMware Workstation host privilege escalation vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2013-0010 Synopsis: VMware Workstation host privilege escalation vulnerability Issue date: 2013-08-22 Updated on: 2013-08-22 initial...

CVSS: 6.9, AI score: 6.5, EPSS: 0.04638
Exploits: 4

securityvulns
• added 2013/08/28 12:0 a.m. • 60 views

[SECURITY] [DSA 2744-1] tiff security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2744-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 27, 2013 http://www.debian.org/security/faq -...

CVSS: 6.8, AI score: 1.8, EPSS: 0.07399
Exploits: 0

securityvulns
• added 2013/08/28 12:0 a.m. • 68 views

[ MDVSA-2013:219 ] libtiff

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:219 http://www.mandriva.com/en/support/security/ Package : libtiff Date : August 23, 2013 Affected: Business Server 1.0 Problem Description: Updated libtiff packages fix security vulnerabilities: Pedro Ribei...

CVSS: 6.8, AI score: 8.7, EPSS: 0.07399
Exploits: 0

securityvulns
• added 2013/08/28 12:0 a.m. • 32 views

SPICE DoS

assert on loops processing...

CVSS: 5, AI score: 2.1, EPSS: 0.02629
Exploits: 0, References: 1, Affected Software: 1

securityvulns
• added 2013/08/28 12:0 a.m. • 91 views

CVE-2013-4124 samba nttrans dos private exploit

Hi Forks! It's my samba private exploit and article of it. the security bug occurs while nttrans reply in samba daemon source code tree. the remote dos exploit that i copied from another nttrans exploit in 2003. and can't test it yet, check it out! CVE-2013-4124 samba dos private exploit: -...

CVSS: 5, AI score: 0.5, EPSS: 0.69008
Exploits: 7

securityvulns
• added 2013/08/28 12:0 a.m. • 37 views

libtiff <= 3.9.5 integer overflow bug

+----------------------------------------------------+ | XADV-2013001 libtiff = 3.9.5 integer overflow bug | +----------------------------------------------------+ vulnerable versions: - libtiff 3.9.5 = - libtiff 3.6.0 not vulnerable versions: - libtiff 4.0.3 - libtiff 4.0.2 - libtiff 4.0.1 -...

AI score: 0.6
Exploits: 0

securityvulns
• added 2013/08/28 12:0 a.m. • 60 views

Samba DoS

Memory exhaustion on malformed nttrans request processing...

CVSS: 5, AI score: 2.6, EPSS: 0.69008
Exploits: 7, References: 2, Affected Software: 1

securityvulns
• added 2013/08/28 12:0 a.m. • 37 views

VMWare privilege escalation

vmware-mount privilege escalation...

CVSS: 6.9, AI score: 3.3, EPSS: 0.04638
Exploits: 4, References: 1

securityvulns
• added 2013/08/28 12:0 a.m. • 69 views

FreeBSD Security Advisory FreeBSD-SA-13:10.sctp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:10.sctp Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in sctp4 Category: core Module: sctp Announced: 2013-08-22 Credits: Julian Seward...

CVSS: 7.8, AI score: 9.2, EPSS: 0.02511
Exploits: 0

securityvulns
• added 2013/08/28 12:0 a.m. • 77 views

[ MDVSA-2013:214 ] python

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:214 http://www.mandriva.com/en/support/security/ Package : python Date : August 21, 2013 Affected: Business Server 1.0 Problem Description: Updated python packages fix security vulnerability: Ryan Sleevi of...

AI score: 6.1
Exploits: 1

securityvulns
• added 2013/08/28 12:0 a.m. • 32 views

perl-Proc-ProcessTable symbolic links vulnerabilities

Symbolic links vulnerabilities on /tmp/TTYDEVS processing...

CVSS: 2.6, AI score: 1.8, EPSS: 0.00303
Exploits: 0, References: 1

securityvulns
• added 2013/08/28 12:0 a.m. • 25 views

FreeBSD ip_multicast integer overflow

Integer overflow on buffer size calculation in IPMSFILTER...

CVSS: 7.2, AI score: 3.7, EPSS: 0.00412
Exploits: 0, References: 1, Affected Software: 1

securityvulns
• added 2013/08/28 12:0 a.m. • 84 views

[SECURITY] [DSA 2741-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2741-1 [email protected] http://www.debian.org/security/ Michael Gilbert August 25, 2013 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 1.6, EPSS: 0.01627
Exploits: 0

Total number of security vulnerabilities: 47153