
47153 matches found

securityvulns
added 2013/07/19 12:0 a.m., 39 views

[security bulletin] HPSBGN02882 rev.1 - HP Database and Middleware Automation (DMA) using SSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03788014 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03788014 Version: 1 HPSBGN02882 rev....

7.9 CVSS, 0.6 AI score, 0.00281 EPSS
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 45 views

Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation Exploit

Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation Exploit Date: 2013-7-17 Author: MJ0011 Version: Symantec Workspace Virtualization 6.4.1895.0 Tested on: Windows XP SP3 DETAILS: In fslx.sys's hook function of "NtQueryValueKey", it directly writes to the buffer ...

7.3 AI score
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 121 views

[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks Release Date: 2013-06-19 Application: IBM...

4.3 CVSS, 5.7 AI score, 0.00159 EPSS
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 140 views

[security bulletin] HPSBMU02900 rev.2 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 2 HPSBMU02900 rev....

7.5 CVSS, 1 AI score, 0.79567 EPSS
Exploits 66
securityvulns
added 2013/07/19 12:0 a.m., 41 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

6 CVSS, 1.6 AI score, 0.00779 EPSS
Exploits 5, References 6, Affected Software 4
securityvulns
added 2013/07/19 12:0 a.m., 57 views

Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials

Vulnerable Products - WD My Net N600 HD Dual Band Router Wireless N WiFi Router Accelerate HD WD My Net N750 HD Dual Band Router Wireless N WiFi Router Accelerate HD Linux 2.6.3 Kernel All firmware including the latest Ver. 1.04.16 WD My Net N900 HD Dual Band Router Wireless N WiFi Router...

1.8 AI score
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 36 views

Barracuda CudaTel 2.6.02.04 - Multiple Client Side Cross Site Vulnerabilities (Bug Bounty #17)

Title: ====== Barracuda CudaTel 2.6.02.04 - Multiple Client Side Cross Site Vulnerabilities Bug Bounty 17 Date: ===== 2013-07-17 References: =========== http://vulnerability-lab.com/getcontent.php?id=779 BARRACUDA NETWORK SECURITY ID: BNSEC-815 VL-ID: ===== 779 Common Vulnerability Scoring System...

0.1 AI score
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 33 views

HP Database and Middleware Automation information leakage

No description provided...

7.9 CVSS, 1.2 AI score, 0.00281 EPSS
Exploits 0, References 1, Affected Software 1
securityvulns
added 2013/07/19 12:0 a.m., 29 views

Symantec Workspace Virtualization privilege escalation

Unsafe function's hook...

2.7 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2013/07/19 12:0 a.m., 62 views

Open-Xchange Security Advisory 2013-06-03

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

4.3 CVSS, 6.2 AI score, 0.00225 EPSS
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 24 views

Sybase EAServer multiple security vulnerabilities

Directory traversal, XML injection, shell characters injection...

3 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2013/07/19 12:0 a.m., 34 views

IBM WebSphere information leakage

Access token inside URL...

4.3 CVSS, 1.8 AI score, 0.00159 EPSS
Exploits 0, References 1, Affected Software 1
securityvulns
added 2013/07/19 12:0 a.m., 25 views

EMC Avamar security vulnerabilities

Privilege escalation, cross-site scripting...

9 CVSS, 2.8 AI score, 0.01503 EPSS
Exploits 0, References 1
securityvulns
added 2013/07/19 12:0 a.m., 30 views

Cisco Unified Communications Manager multiple security vulnerabilities

Hardcoded encryption key, code execution, privilege escalation, SQL injection...

8.5 CVSS, 3 AI score, 0.09197 EPSS
Exploits 0, Affected Software 2
securityvulns
added 2013/07/19 12:0 a.m., 29 views

ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities

Title: ====== ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1017 VL-ID: ===== 1017 Common Vulnerability Scoring System: ==================================== 6.6 Introduction: ============...

0.2 AI score
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 54 views

ESA-2013-055: EMC Avamar Multiple Vulnerabilities

ESA-2013-055.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-055: EMC Avamar Multiple Vulnerabilities EMC Identifier: ESA-2013-055 CVE Identifier: CVE-2013-3274, CVE-2013-3275 Severity Rating: See below for individual scores Affected products: All EMC Avamar Server and Avamar Virtual...

9 CVSS, 0.3 AI score, 0.01503 EPSS
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 26 views

HP Smart Zero Client unauthorized access

No description provided...

4.6 CVSS, 2.1 AI score, 0.00086 EPSS
Exploits 0, References 1, Affected Software 1
securityvulns
added 2013/07/19 12:0 a.m., 89 views

[security bulletin] HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03747342 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03747342 Version: 2 HPSBMU02870...

7.5 CVSS, 0.9 AI score, 0.01115 EPSS
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 7435 views

Multiple vulnerabilities in Googlemaps plugin for Joomla

Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting and Full path disclosure vulnerabilities in Googlemaps plugin for Joomla. ------------------------- Affected products: ------------------------- Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and...

1 AI score
Exploits 0
securityvulns
added 2013/07/19 12:0 a.m., 75 views

CVE-2013-3734 - JBoss AS Administration Console - Password Returned in Later Response

Product: Embedded Jopr - JBoss AS Administration Console Vendor: Red Hat Middleware, LLC Version: 1.2 Tested Version: 1.2 Vendor Notified Date: May 29, 2013 Release Date: June 03, 2013 Risk: Moderate Authentication: Required Remote: Yes Description: Passwords submitted to the application are...

6 CVSS, 0.1 AI score, 0.00779 EPSS
Exploits 2
securityvulns
added 2013/07/17 12:0 a.m., 31 views

Samsung Galaxy SMS manipulation

It's possible to manipulate SMS via built-in backup utility...

2.7 AI score, 0.00176 EPSS
Exploits 0, References 1
securityvulns
added 2013/07/17 12:0 a.m., 78 views

[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2612 Huawei E587 3G Mobile Hotspot Command Injection Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute...

2.8 AI score, 0.05717 EPSS
Exploits 1
securityvulns
added 2013/07/17 12:0 a.m., 49 views

FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability

Title: ====== FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability Date: ===== 2013-07-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1007 VL-ID: ===== 1007 Common Vulnerability Scoring System: ==================================== 3.7 Introduction: ============= FTP...

7.2 AI score
Exploits 0
securityvulns
added 2013/07/17 12:0 a.m., 35 views

Huawei E587 access point security vulnerabilities

Cross-site scripting, code execution...

1.6 AI score, 0.05717 EPSS
Exploits 1, References 2
securityvulns
added 2013/07/17 12:0 a.m., 45 views

Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities

Title: ====== Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities Date: ===== 2013-07-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=833 VL-ID: ===== 833 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

0.5 AI score
Exploits 0
securityvulns
added 2013/07/17 12:0 a.m., 54 views

Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to an XSS vulnerability in the Web UI. A specially crafted SMS can bypass the function used to sanitize incoming...

1 AI score
Exploits 0
securityvulns
added 2013/07/17 12:0 a.m., 62 views

Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities

Title: ====== Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities Date: ===== 2013-05-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=894 Article: http://www.vulnerability-lab.com/dev/?p=580 Trend Micro Reference:...

Exploits 0
securityvulns
added 2013/07/17 12:0 a.m., 54 views

[CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4

Hi list, I would like to inform you that the details of the vulnerability in built-in system app of Samsung Galaxy S3/S4 assigned as CVE-2013-4763 and CVE-2013-4764 are now disclosed to public. In Samsung Galaxy S3/S4, a pre-loaded app, i.e., sCloudBackupProvider.apk, is used to provide backup...

0.7 AI score, 0.00176 EPSS
Exploits 0
securityvulns
added 2013/07/17 12:0 a.m., 20 views

Trend Micro DirectPass multiple security vulnerabilities

DoS conditions...

1.8 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2013/07/17 12:0 a.m., 31 views

Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities

Title: ====== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities Date: ===== 2013-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1009 VL-ID: ===== 1009 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: =============...

7.8 AI score
Exploits 0
securityvulns
added 2013/07/17 12:0 a.m., 53 views

MiniDLNA multiple security vulnerabilities

Buffer overflows, SQL injections...

3.1 AI score, 0.0818 EPSS
Exploits 1, References 1, Affected Software 1
securityvulns
added 2013/07/17 12:0 a.m., 22 views

EMC VNX / Celerra privilege escalation

Weak permissions for script files...

6.8 CVSS, 3 AI score, 0.00041 EPSS
Exploits 0, References 1, Affected Software 2
securityvulns
added 2013/07/17 12:0 a.m., 39 views

ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability

ESA-2013-041.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability EMC Identifier: ESA-2013-041 CVE Identifier: CVE-2013-3270 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: •...

6.8 CVSS, 1.1 AI score, 0.00041 EPSS
Exploits 0
securityvulns
added 2013/07/17 12:0 a.m., 96 views

[CVE-2013-2745, CVE-2013-2738, CVE-2013-2739] MiniDLNA v1.0.25 Multiple Vulnerabilities

MiniDLNA prior to v1.1.0 http://sourceforge.net/projects/minidlna/ is prone to a variety of issues which could be used to take control of a host running this software. CVE-2013-2738 and CVE-2013-2745 are SQL injection issues. CVE-2013-2739 has been assigned for a heap-based buffer overflow which...

2.1 AI score, 0.0818 EPSS
Exploits 1
securityvulns
added 2013/07/17 12:0 a.m., 45 views

Barracuda CudaTel 2.6.02.040 - Client Side Cross Site Scripting Vulnerability

Title: ====== Barracuda CudaTel 2.6.02.040 - Client Side Cross Site Scripting Vulnerability Date: ===== 2013-07-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=776 BARRACUDA NETWORK SECURITY ID: BNSEC-807 VL-ID: ===== 776 Common Vulnerability Scoring System:...

0.4 AI score
Exploits 0
securityvulns
added 2013/07/16 12:0 a.m., 62 views

Squid-3.3.5 DoS PoC

Squid Crash PoC Copyright C Kingcope 2013 tested against squid-3.3.5 this seems to be the patch for the vulnerability: http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.8.patch The squid-cache service will respawn, looks like a kind of assert exception: 2013/07/15 20:48:36 kid1| Closing HTTP...

6.8 AI score
Exploits 0
securityvulns
added 2013/07/16 12:0 a.m., 64 views

Re: Multiple vulnerabilities in McAfee ePO 4.6.6

McAfee has released a Knowledgebase Article KB to address the issues reported by a NATO pen test. https://kc.mcafee.com/corporate/index?page=content&id=KB78824 Both SQL Injection vulnerabilities were identified on May 10th, 2013 and patched as specified in SB10043. McAfee's internal testing leads...

8.2 AI score
Exploits 0
securityvulns
added 2013/07/16 12:0 a.m., 48 views

PHP memory corruption

Memory corruption in XML parsing, jdtojewish function DoS...

6.8 CVSS, 3 AI score, 0.19022 EPSS
Exploits 0, References 2, Affected Software 1
securityvulns
added 2013/07/16 12:0 a.m., 114 views

Re: [ MDVSA-2013:195 ] php

Hey guys, Related to this I've found a proof of concept test script: php -r 'xmlparseintostructxml parsercreatens, strrepeat"blah", 1000, $b;' Gabe twitter: @gmaggiotti On Mon, Jul 15, 2013 at 3:41 AM, [email protected] wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux...

6.8 CVSS, 8.1 AI score, 0.19022 EPSS
Exploits 0
securityvulns
added 2013/07/16 12:0 a.m., 471 views

[security bulletin] HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03819065 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03819065 Version: 1 HPSBPV02891 rev....

4.3 CVSS, 0.3 AI score, 0.01279 EPSS
Exploits 0
securityvulns
added 2013/07/16 12:0 a.m., 47 views

McAfee ePolicy Orchestrator security vulnerability

Few vulnerabilities are used in-the-wild to compromise corporate networks...

7.9 CVSS, 1.9 AI score, 0.03811 EPSS
Exploits 4, References 3, Affected Software 1
securityvulns
added 2013/07/15 12:0 a.m., 36 views

Fail2ban 0.8.9, Denial of Service (Apache rules only)

Version 0.8.9 latest of Fail2ban allows to perform remote denial of service for arbitrary chosen IP address. Address listed on Fail2ban's whitelist are not affected. The vulnerability exists in Apache rules and it is caused by improper validation of a log file by regular expression. Malicious use...

0.5 AI score
Exploits 0
securityvulns
added 2013/07/15 12:0 a.m., 58 views

Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units

Note: In June I released a partial disclosure for just the RT-N66U on the issue of directory traversal. I have only heard back from ASUS twice on the issue, and I understand they are working on a fix. However, no serious attempt to our knowledge has been made to warn their customers in the...

7.7 AI score
Exploits 0
securityvulns
added 2013/07/15 12:0 a.m., 41 views

eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities

Title: ====== eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities Date: ===== 2013-06-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=982 VL-ID: ===== 982 Common Vulnerability Scoring System: ==================================== 6.8 Introduction:...

0.5 AI score
Exploits 0
securityvulns
added 2013/07/15 12:0 a.m., 59 views

Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability

Title: ====== Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability Date: ===== 2013-07-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1000 VL-ID: ===== 1000 Common Vulnerability Scoring System: ==================================== 6.7 Introduction:...

0.5 AI score
Exploits 0
securityvulns
added 2013/07/15 12:0 a.m., 42 views

Adobe Flash Player multiple security vulnerabilities

Multiple memory corruptions, code execution...

10 CVSS, 2.4 AI score, 0.07994 EPSS
Exploits 1, Affected Software 1
securityvulns
added 2013/07/15 12:0 a.m., 46 views

[oCERT-2013-001] File Roller path sanitization errors

2013-001 File Roller path sanitization errors Description: The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any locatio...

5 CVSS, 0.8 AI score, 0.01331 EPSS
Exploits 0
securityvulns
added 2013/07/15 12:0 a.m., 102 views

ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability

ESA-2013-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-032: RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery aka “Lucky Thirteen” Vulnerability EMC Identifier: ESA-2013-032 CVE Identifier: CVE-2013-0169 Severity Rating: CVSS v2 Base Score: 2.6...

2.6 CVSS, 0.00943 EPSS
Exploits 0
securityvulns
added 2013/07/15 12:0 a.m., 64 views

Re: Project Pier Web Vulnerabilities

Mitre has assigned the following CVE's for these issues in Project Pier: XSS: CVE-2013-3635 Session cookies lack HttpOnly flag: CVE-2013-3636 Session cookies lack Secure flag: CVE-2013-3637 On Tue, May 21, 2013 at 9:26 PM, the infinitenigma [email protected] wrote: Summary...

0.00235 EPSS
Exploits 4
securityvulns
added 2013/07/15 12:0 a.m., 31 views

Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities

Title: ====== Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities Date: ===== 2013-04-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=932 VL-ID: ===== 932 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: ===========...

0.2 AI score
Exploits 0

Total number of security vulnerabilities: 47153