47153 matches found

securityvulns
added 2013/07/15 12:00 a.m. | 120 views

Apache security vulnerabilities

mod_dav malformed MERGE request crash, mod_rewrite log manipulation...

CVSS: 7.5 | AI score: 1.7 | EPSS: 0.29484
Exploits: 6 | References: 1 | Affected Software: 1

securityvulns
added 2013/07/15 12:00 a.m. | 28 views

HP StoreVirtual unauthorized access

No description provided...

CVSS: 9.4 | AI score: 2.3 | EPSS: 0.03905
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2013/07/15 12:00 a.m. | 25 views

Asus routers security vulnerabilities

Information leakage, code execution...

AI score: 4
Exploits: 0 | References: 2

securityvulns
added 2013/07/15 12:00 a.m. | 38 views

Gnome File Roller directory traversal

Directory traversal on archive processing...

CVSS: 5 | AI score: 3.7 | EPSS: 0.04307
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2013/07/15 12:00 a.m. | 119 views

[Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability

Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability. FOREGROUND SECURITY, SECURITY ADVISORY 2013-001; Original release date: July 10, 2013; Discovered by: Adam Willard Software Security Analyst at Foreground...

AI score: 0.2
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 35 views

Bluetooth Chat Connect v1.0 iOS - Multiple Vulnerabilities

Title: Bluetooth Chat Connect v1.0 iOS - Multiple Vulnerabilities; Date: 2013-05-31; References: http://www.vulnerability-lab.com/getcontent.php?id=960; VL-ID: 960; Common Vulnerability Scoring System: 3.9; Introduction: ...

AI score: 0.6
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 50 views

Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95

Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC; Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95; Affected Product: BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95; Timeline: 07 June 2013 - Vulnerability found; 12 June 2013 - Vendor informed; 17 June 2013 -...

AI score: 1.3
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 48 views

IA and AFU vulnerabilities in aCMS

Hello 3APA3A! These are Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the second part of them. Affected products: Vulnerable are aCMS...

AI score: 2.5
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 60 views

ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln

Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled; AC66R and RT-N65U are affected as well, but need more testing. Vulnerabilities: Linux 2.6.22; Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware; Full directory traversal and plain text disclosure of all sensiti...

AI score: 7.2
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 66 views

Multiple Vulnerabilities in Exponent CMS

Advisory ID: HTB23154; Product: Exponent CMS; Vendor: Online Innovative Creations; Vulnerable Versions: 2.2.0 beta 3 and probably prior; Tested Version: 2.2.0 beta 3; Vendor Notification: April 24, 2013; Vendor Patch: May 3, 2013; Public Disclosure: May 15, 2013; Vulnerability Type: SQL Injection CWE-89,...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.02452
Exploits: 5

securityvulns
added 2013/07/15 12:00 a.m. | 75 views

Multiple vulnerabilities in McAfee ePO 4.6.6

Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC; Multiple vulnerabilities in McAfee ePO 4.6.6; Affected Product: McAfee ePO 4.6.6 Build 176 & potentially earlier versions; Timeline: 08 June 2013 - Vulnerability found; 12 June 2013 - Vendor informed; 12 June 2013 - Vendor...

AI score: 0.2
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 129 views

CVE-2013-3568 - Linksys CSRF + Root Command Injection

Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...

AI score: 0.4 | EPSS: 0.25129
Exploits: 8

securityvulns
added 2013/07/15 12:00 a.m. | 41 views

Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability

Title: Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability; Date: 2013-06-27; References: http://www.vulnerability-lab.com/getcontent.php?id=989; VL-ID: 989; Common Vulnerability Scoring System: 6.8; Introduction:...

AI score: 0.6
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 69 views

SQL Injection in Dolphin

Advisory ID: HTB23157; Product: Dolphin; Vendor: BoonEx; Vulnerable Versions: 7.1.2 and probably prior; Tested Version: 7.1.2; Vendor Notification: May 22, 2013; Vendor Patch: May 29, 2013; Public Disclosure: June 12, 2013; Vulnerability Type: SQL Injection CWE-89; CVE Reference: CVE-2013-3638; Risk Level:...

AI score: 9.3 | EPSS: 0.0141
Exploits: 1

securityvulns
added 2013/07/15 12:00 a.m. | 63 views

Multiple XSS Vulnerabilities in Xaraya

Advisory ID: HTB23156; Product: Xaraya; Vendor: Xaraya Development Group; Vulnerable Versions: 2.4.0-b1 and probably prior; Tested Version: 2.4.0-b1; Vendor Notification: May 15, 2013; Public Disclosure: June 26, 2013; Vulnerability Type: Cross-Site Scripting CWE-79; CVE Reference: CVE-2013-3639; Risk...

CVSS: 4.3 | AI score: 0.8 | EPSS: 0.03217
Exploits: 2

securityvulns
added 2013/07/15 12:00 a.m. | 117 views

[Full-disclosure] Magnolia CMS multiple access control vulnerabilities

Subject: Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions; CVE ID: CVE-2013-4621; Summary: A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...

AI score: 1.9 | EPSS: 0.01762
Exploits: 1

securityvulns
added 2013/07/15 12:00 a.m. | 34 views

Cisco ASA NGFW DoS

Fragmented packets DoS...

CVSS: 7.8 | AI score: 2.1 | EPSS: 0.01904
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 44 views

Hard-coded accounts on multiple network cameras

Hard-coded accounts on multiple network cameras. ADVISORY INFORMATION; Title: Hard-coded accounts on multiple network cameras; Discovery date: 05/06/2013; Release date: 11/07/2013; Advisory URL: http://goo.gl/82Rlb; Credits: Roberto Paleari...

AI score: 0.5
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 49 views

[oCERT-2013-001] File Roller path sanitization errors

2013-001 File Roller path sanitization errors; Description: The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any locatio...

CVSS: 5 | AI score: 0.8 | EPSS: 0.04307
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 94 views

[ MDVSA-2013:194 ] kernel

Mandriva Linux Security Advisory MDVSA-2013:194; http://www.mandriva.com/en/support/security/; Package: kernel; Date: July 11, 2013; Affected: Business Server 1.0; Problem Description: Multiple vulnerabilities have been found and corrected in the Linux...

CVSS: 7.9 | AI score: 8.7 | EPSS: 0.07313
Exploits: 8

securityvulns
added 2013/07/15 12:00 a.m. | 61 views

[SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure

CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure; Severity: Important; Vendor: The Apache Software Foundation; Version Affected: Apache Geronimo 3.0, Apache Geronimo 3.0 Beta 1, Apache Geronimo 3.0 M1; Description: A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker t...

CVSS: 10 | AI score: 1.2 | EPSS: 0.09808
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 95 views

Multiple Vulnerabilities in Kasseler CMS

Advisory ID: HTB23158; Product: Kasseler CMS; Vendor: Kasseler CMS; Vulnerable Versions: 2 r1223 and probably prior; Tested Version: 2 r1223; Vendor Notification: May 29, 2013; Vendor Patch: June 28, 2013; Public Disclosure: July 3, 2013; Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

CVSS: 7.5 | AI score: 0.3 | EPSS: 0.02952
Exploits: 7

securityvulns
added 2013/07/15 12:00 a.m. | 32 views

Cisco Email Security / Web Security / Content Security multiple security vulnerabilities

Code execution, DoS...

CVSS: 9 | AI score: 2 | EPSS: 0.0353
Exploits: 1 | Affected Software: 1

securityvulns
added 2013/07/15 12:00 a.m. | 43 views

File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities

File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities; Date: 2013-05-04; References: http://www.vulnerability-lab.com/getcontent.php?id=939; VL-ID: 939; Common Vulnerability Scoring System: 5.9; Introduction: You ha...

Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 45 views

Multiple vulnerabilities in aCMS

Hello 3APA3A! These are Cross-Site Scripting, Content Spoofing and Information Leakage vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the first part of them. Affected products: Vulnerable are...

AI score: 0.5
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 115 views

Re: Cisco/Linksys E1200 N300 Reflected XSS

Mitre has assigned the following CVE for this issue: CVE-2013-2679. On Mon, Apr 29, 2013 at 12:27 AM, Carl Benedict [email protected] wrote: Summary; Software: Cisco/Linksys Router OS; Hardware: E1200 N300 others currently untested; Version: 2.0.04 others currently...

AI score: 0.9 | EPSS: 0.19646
Exploits: 6

securityvulns
added 2013/07/15 12:00 a.m. | 76 views

CVE-2013-3739 Local File Inclusion in Weathermap <= 0.97C

WEBERA ALERT ADVISORY 01; Discovered by: Anthony Dubuissez; Severity: high; CVE Request - 03/06/2013; CVE Assign - 03/06/2013; CVE Number - CVE-2013-3739; Vendor notification - 03/06/2013; Vendor reply - No reply; Public disclosure - 10/06/201...

CVSS: 5 | AI score: 5.7 | EPSS: 0.03679
Exploits: 4

securityvulns
added 2013/07/15 12:00 a.m. | 35 views

Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities

Title: Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities; Date: 2013-04-27; References: http://www.vulnerability-lab.com/getcontent.php?id=934; VL-ID: 934; Common Vulnerability Scoring System: 5.6; Introduction: ...

AI score: 0.3
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 66 views

SEC Consult SA-20130605-0 :: Multiple vulnerabilities in CTERA Portal

SEC Consult Vulnerability Lab Security Advisory 20130605-0; title: Multiple vulnerabilities in CTERA Portal; product: CTERA Portal; vulnerable version: 3.1; fixed version: 3.2; impact: Critical; homepage: http://www.ctera.com; found...

Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 38 views

XSS, CS and FPD vulnerabilities in I Love It theme for WordPress

Hello 3APA3A! These are Cross-Site Scripting, Content Spoofing and Full path disclosure vulnerabilities in I Love It theme for WordPress. This is commercial premium theme. Affected products: All versions of I Love It theme for WordPress. The the...

AI score: 6.8
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 36 views

Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities

Title: Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities; Date: 2013-02-26; References: http://www.vulnerability-lab.com/getcontent.php?id=883; VL-ID: 883; Common Vulnerability Scoring System: 6.2; Introduction: ...

AI score: 0.5
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 22 views

Multiple IP-cameras backdoor accounts

Hardcoded accounts...

AI score: 1.6
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2013/07/15 12:00 a.m. | 59 views

Multiple Vulnerabilities in OpenX

Advisory ID: HTB23155; Product: OpenX; Vendor: OpenX; Vulnerable Versions: 2.8.10 and probably prior; Tested Version: 2.8.10; Vendor Notification: May 8, 2013; Vendor Patch: June 28, 2013; Public Disclosure: July 3, 2013; Vulnerability Type: PHP File Inclusion CWE-98, Cross-Site Scripting CWE-79; CVE...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.04226
Exploits: 6

securityvulns
added 2013/07/15 12:00 a.m. | 53 views

XSS and CS vulnerabilities in TinyMCE Image Manager

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. Affected products: Vulnerable are TinyMCE Image Manager 1.1 and previous versions. Affected...

AI score: 0.2
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 78 views

Re: Project Pier Web Vulnerabilities

Mitre has assigned the following CVEs for these issues in Project Pier: XSS: CVE-2013-3635; Session cookies lack HttpOnly flag: CVE-2013-3636; Session cookies lack Secure flag: CVE-2013-3637. On Tue, May 21, 2013 at 9:26 PM, the infinitenigma [email protected] wrote: Summary...

EPSS: 0.01017
Exploits: 4

securityvulns
added 2013/07/15 12:00 a.m. | 96 views

[Foreground Security 2013-002]: Corda Path Disclosure and XSS

Corda Path Disclosure and XSS. FOREGROUND SECURITY, SECURITY ADVISORY 2013-002; Original release date: July 12, 2013; Discovered by: Adam Willard Software Security Analyst at Foreground Security; Contact: awillard at foregroundsecurit...

Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 62 views

Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability

Title: Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability; Date: 2013-07-09; References: http://www.vulnerability-lab.com/getcontent.php?id=1000; VL-ID: 1000; Common Vulnerability Scoring System: 6.7; Introduction:...

AI score: 0.5
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 61 views

(CVE-2013-1059) Linux Kernel libceph Null Pointer Dereference Vulnerability

Original URL: http://hkpco.kr/advisory/CVE-2013-1059.txt; Linux Kernel libceph Null Pointer Dereference Vulnerability CVE-2013-1059; Author - Chanam Park @hkpco; Website - http://hkpco.kr/; Date - 2013. 07. 06; 0. Introduction: This is very brief advisory just to record the vulnerability which I...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.04546
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 57 views

Joomla crypto vulnerability (all versions)

Vulnerable Application: All current and past versions of Joomla http://www.joomla.org up to 1.5.26, 2.5.11, 3.1.1. Also the Joomla platform and maybe the Joomla framework not tested. At the moment there is no vendor patch available. The Problem: The...

AI score: 0.4
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 73 views

TA13-193A: Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO)

US Computer Emergency Readiness Team. National Cyber Awareness System: TA13-193A: Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO); 07/12/2013 02:19 PM EDT; Original release date: July 12, 2013; Systems Affected: McAfee ePolicy Orchestrator (ePO); Overview: A new...

CVSS: 7.9 | AI score: 6.7 | EPSS: 0.02544
Exploits: 4

securityvulns
added 2013/07/15 12:00 a.m. | 63 views

ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability

ESA-2013-052.txt; ESA-2013-052: RSA® Authentication Manager Sensitive Information Disclosure Vulnerability; EMC Identifier: ESA-2013-052; CVE Identifier: CVE-2013-3273; Severity Rating: CVSS v2 Base Score: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C; Affected Products:...

CVSS: 2.1 | AI score: 0.5 | EPSS: 0.00336
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 34 views

Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities

Title: Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities; Date: 2013-04-21; References: http://www.vulnerability-lab.com/getcontent.php?id=932; VL-ID: 932; Common Vulnerability Scoring System: 6.1; Introduction: ...

AI score: 0.2
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 41 views

Adobe Coldfusion multiple security vulnerabilities

DoS, code execution...

CVSS: 10 | AI score: 2.6 | EPSS: 0.74265
Exploits: 6 | Affected Software: 1

securityvulns
added 2013/07/15 12:00 a.m. | 44 views

eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities

Title: eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities; Date: 2013-06-24; References: http://www.vulnerability-lab.com/getcontent.php?id=982; VL-ID: 982; Common Vulnerability Scoring System: 6.8; Introduction:...

AI score: 0.5
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 141 views

CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...

AI score: 4.2 | EPSS: 0.01691
Exploits: 1

securityvulns
added 2013/07/15 12:00 a.m. | 89 views

[ MDVSA-2013:193 ] apache

Mandriva Linux Security Advisory MDVSA-2013:193; http://www.mandriva.com/en/support/security/; Package: apache; Date: July 11, 2013; Affected: Business Server 1.0, Enterprise Server 5.0; Problem Description: A vulnerability has been found and corrected i...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.29484
Exploits: 3

securityvulns
added 2013/07/15 12:00 a.m. | 41 views

ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability

ESA-2013-050.txt; ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability; EMC Identifier: ESA-2013-050; CVE Identifier: CVE-2013-3272; Severity Rating: CVSS v2 Base Score: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C; Affected products: EMC...

CVSS: 2.1 | AI score: 0.4 | EPSS: 0.00318
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 69 views

MiniUPnPd Information Disclosure (CVE-2013-2600)

Hi list, I am writing to inform you of an information disclosure vulnerability I noticed in MiniUPnPd a few months back. Specifically, MiniUPnPd versions 1.8 and earlier are prone to an information disclosure vulnerability due to improper use of snprintf while preparing SSDP responses. An attacke...

AI score: 6.8 | EPSS: 0.02335
Exploits: 1

securityvulns
added 2013/07/15 12:00 a.m. | 67 views

[ MDVSA-2013:195 ] php

Mandriva Linux Security Advisory MDVSA-2013:195; http://www.mandriva.com/en/support/security/; Package: php; Date: July 12, 2013; Affected: Business Server 1.0, Enterprise Server 5.0; Problem Description: A vulnerability has been discovered and corrected...

CVSS: 6.8 | AI score: 8.2 | EPSS: 0.05186
Exploits: 0

securityvulns
added 2013/07/15 12:00 a.m. | 74 views

SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF

SEC Consult Vulnerability Lab Security Advisory 20130709-0; title: Denial of service vulnerability; product: Apache CXF; vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4; fixed version: Apache CXF 2.5.10, 2.6.7 and...

CVSS: 5 | AI score: 0.1 | EPSS: 0.32259
Exploits: 6

Total number of security vulnerabilities: 47153