
47153 matches found

securityvulns | added 2013/07/15 12:00 a.m. | 50 views

[oCERT-2013-001] File Roller path sanitization errors

2013-001 File Roller path sanitization errors Description: The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any locatio...

CVSS 5 | AI score 0.8 | EPSS 0.04307 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 70 views

SQL Injection in Dolphin

Advisory ID: HTB23157 Product: Dolphin Vendor: BoonEx Vulnerable Versions: 7.1.2 and probably prior Tested Version: 7.1.2 Vendor Notification: May 22, 2013 Vendor Patch: May 29, 2013 Public Disclosure: June 12, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-3638 Risk Level:...

AI score 9.3 | EPSS 0.0141 | Exploits 1
securityvulns | added 2013/07/15 12:00 a.m. | 80 views

VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe

Hi @ll, the current Adobe Reader 11.0.03 installs the following VULNERABLE 3rd party components: 1. Adobe Flash Player Plugin 11.5.502.110 | X:filever.exe /S "ProgramFilesAdobenpswf.dll" | x:program filesadobereader 11.0readernpswf.dll | --a-- W32i DLL ENU 11.5.502.110 shp 14,588,632 05-11-2013...

AI score 0.4 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 35 views

Cisco ASA NGFW DoS

Fragmented packets DoS...

CVSS 7.8 | AI score 2.1 | EPSS 0.01904 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 131 views

CVE-2013-3568 - Linksys CSRF + Root Command Injection

Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...

AI score 0.4 | EPSS 0.25129 | Exploits 8
securityvulns | added 2013/07/15 12:00 a.m. | 61 views

ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln

Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled AC66R and RT-N65U are affected as well, but need more testing Vulnerabilities: - Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware - Full directory traversal and plain text disclosure of all sensiti...

AI score 7.2 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 64 views

Multiple XSS Vulnerabilities in Xaraya

Advisory ID: HTB23156 Product: Xaraya Vendor: Xaraya Development Group Vulnerable Versions: 2.4.0-b1 and probably prior Tested Version: 2.4.0-b1 Vendor Notification: May 15, 2013 Public Disclosure: June 26, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2013-3639 Risk...

CVSS 4.3 | AI score 0.8 | EPSS 0.03217 | Exploits 2
securityvulns | added 2013/07/15 12:00 a.m. | 51 views

Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95

Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Affected Product: BMC SERVICE DESK EXPRESS SDE Version 10.2.1.95 Timeline: 07 June 2013 - Vulnerability found 12 June 2013 - Vendor informed 17 June 2013 -...

AI score 1.3 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 67 views

Multiple Vulnerabilities in Exponent CMS

Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: May 15, 2013 Vulnerability Type: SQL Injection CWE-89,...

CVSS 7.5 | AI score 8.1 | EPSS 0.02452 | Exploits 5
securityvulns | added 2013/07/15 12:00 a.m. | 62 views

[SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure

CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure Severity: Important Vendor: The Apache Software Foundation Version Affected: Apache Geronimo 3.0 Apache Geronimo 3.0 Beta 1 Apache Geronimo 3.0 M1 Description: A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker t...

CVSS 10 | AI score 1.2 | EPSS 0.09808 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 46 views

Multiple vulnerabilities in aCMS

Hello 3APA3A! These are Cross-Site Scripting, Content Spoofing and Information Leakage vulnerabilities in aCMS. This is commercial CMS. There are multiple vulnerabilities in aCMS and it's the first part of them. ------------------------- Affected products: ------------------------- Vulnerable are...

AI score 0.5 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 36 views

Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities

Title: ====== Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities Date: ===== 2013-04-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=934 VL-ID: ===== 934 Common Vulnerability Scoring System: ==================================== 5.6 Introduction: ============...

AI score 0.3 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 171 views

[waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1

waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1 ================================================================================ Author: Janek Vind "waraxe" Date: 14. July 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-106.html Description of vulnerable software...

Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 64 views

ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability

ESA-2013-052.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-052: RSA® Authentication Manager Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2013-052 CVE Identifier: CVE-2013-3273 Severity Rating: CVSS v2 Base Score: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Affected Products:...

CVSS 2.1 | AI score 0.5 | EPSS 0.00336 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 54 views

XSS and CS vulnerabilities in TinyMCE Image Manager

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. ------------------------- Affected...

AI score 0.2 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 35 views

Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities

Title: ====== Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities Date: ===== 2013-04-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=932 VL-ID: ===== 932 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: ===========...

AI score 0.2 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 42 views

fail2ban DoS

It's possible to trigger a block for arbitrary client...

CVSS 5 | AI score 2.4 | EPSS 0.01763 | Exploits 0 | References 2 | Affected Software 1
securityvulns | added 2013/07/15 12:00 a.m. | 180 views

ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability

ESA-2013-045.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery aka “Lucky Thirteen” Vulnerability EMC Identifier: ESA-2013-045 CVE Identifier: CVE-2013-0169 Severity Rating: CVSS v2 Base Score: 2.6...

CVSS 2.6 | AI score 7.1 | EPSS 0.35584 | Exploits 1
securityvulns | added 2013/07/15 12:00 a.m. | 105 views

ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability

ESA-2013-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-032: RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery aka “Lucky Thirteen” Vulnerability EMC Identifier: ESA-2013-032 CVE Identifier: CVE-2013-0169 Severity Rating: CVSS v2 Base Score: 2.6...

CVSS 2.6 | EPSS 0.35584 | Exploits 1
securityvulns | added 2013/07/15 12:00 a.m. | 83 views

EMC RSA BSAFE multiple security vulnerabilities

SSL-related attacks...

CVSS 4.3 | AI score 3.4 | EPSS 0.73327 | Exploits 4 | References 3 | Affected Software 3
securityvulns | added 2013/07/15 12:00 a.m. | 104 views

ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities

ESA-2013-039.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2013-039 CVE Identifier: CVE-2011-3389, CVE-2013-0169 Severity Rating: CVSS v2 Base Score: Refer NVD http://nvd.nist.gov/ for individual scores for each CVE...

CVSS 4.3 | AI score 0.2 | EPSS 0.73327 | Exploits 4
securityvulns | added 2013/07/15 12:00 a.m. | 62 views

[ MDVSA-2013:188 ] otrs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:188 http://www.mandriva.com/en/support/security/ Package : otrs Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: An attacker with a...

AI score 6.5 | EPSS 0.02366 | Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 1298 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 10 | AI score 1.6 | EPSS 0.10692 | Exploits 36 | References 27 | Affected Software 22
securityvulns | added 2013/07/15 12:00 a.m. | 97 views

[Foreground Security 2013-002]: Corda Path Disclosure and XSS

Corda Path Disclosure and XSS ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground Security - Contact: awillard at foregroundsecurit...

Exploits 0
securityvulns | added 2013/07/15 12:00 a.m. | 67 views

SEC Consult SA-20130605-0 :: Multiple vulnerabilities in CTERA Portal

SEC Consult Vulnerability Lab Security Advisory 20130605-0 ======================================================================= title: Multiple vulnerabilities in CTERA Portal product: CTERA Portal vulnerable version: 3.1 fixed version: 3.2 impact: Critical homepage: http://www.ctera.com found...

Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 82 views

[security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03813919 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03813919 Version: 2 HPSBST02890 rev....

CVSS 7.7 | AI score 0.7 | EPSS 0.0082 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 164 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Memory corruption, use-after-free, privilege escalation, information leakage...

CVSS 10 | AI score 2.8 | EPSS 0.10893 | Exploits 6 | References 1 | Affected Software 3
securityvulns | added 2013/07/10 12:00 a.m. | 41 views

Authentication bypass in D-Link routers

Vendor: D-Link Affected Products: -DIR-505L SharePort Mobile Companion HW: A1 / FW: 1.01 -DIR-826L Wireless N600 Cloud Router HW: A1 / FW: 1.02 Vendor Notification: April 8, 2013 Public Disclosure: July 8, 2013 Vulnerability Type: Authentication Bypass CVE Reference: CVE-2013-4772 Solution Status...

CVSS 9.3 | AI score 2.2 | EPSS 0.0416 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 49 views

Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access and modification. A user who is logged in via the HPSupport user account does not have access to the dat...

AI score 2.9 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 59 views

VUPEN Security Research - Mozilla Firefox Maintenance Service Privilege Escalation Vulnerabilities

VUPEN Security Research - Mozilla Firefox Maintenance Service Local Privilege Escalation Vulnerabilities Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Mozilla Firefox is a free and open source web browser coordinated by Mozilla Corporation a...

AI score 1.6 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 53 views

Authentication bypass in D-Link devices (session cookies not validated)

Vendor: D-Link Affected Products: -DIR-505L SharePort Mobile Companion HW: A1 / FW: 1.01 -DIR-826L Wireless N600 Cloud Router HW: A1 / FW: 1.02 Vendor Notification: April 8, 2013 Public Disclosure: July 8, 2013 Vulnerability Type: Authentication Bypass CVE Reference: CVE-2013-4772 Solution Status...

CVSS 9.3 | AI score 1.3 | EPSS 0.0416 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 77 views

OS-Command Injection via UPnP Interface in multiple D-Link devices

Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 / DAP1522 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B - 2.14b01 DIR-600 - 2.16b01 DIR-645 - 1.04b01 DIR-845 - 1.01b02 DIR-865 - 1.05b03 Other devices and firmware versions may be also...

AI score 0.5 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 48 views

Re: OS-Command Injection via UPnP Interface in multiple D-Link devices

I can concur these issues exist in several other models as well. In fact, on any UPnP enabled D-Link from 868L and down, merely selecting "Display Hidden Elements" inside the developer tool bar, will expose the entire administrative GUI. Additional models I found the same bug, though I'm so sure...

AI score 0.4 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 119 views

nginx buffer overflow

Buffer overflow on proxypass upstream HTTP server response processing. Buffer overflow on chunked response parsing...

CVSS 7.5 | AI score 2.9 | EPSS 0.87475 | Exploits 18 | References 1 | Affected Software 1
securityvulns | added 2013/07/10 12:00 a.m. | 41 views

HP StoreOnce D2D unauthorized access

There is built-in support account with permissions to reset administrator's password...

CVSS 7.7 | AI score 2.5 | EPSS 0.0082 | Exploits 0 | References 2
securityvulns | added 2013/07/10 12:00 a.m. | 29 views

Zoom routers unauthorized access

Authentication bypass, protection bypass...

AI score 5.5 | Exploits 0 | References 1
securityvulns | added 2013/07/10 12:00 a.m. | 81 views

[SECURITY] [DSA 2721-1] nginx security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2721-1 [email protected] http://www.debian.org/security/ Nico Golde July 07, 2013 http://www.debian.org/security/faq -...

CVSS 5.8 | AI score 3.3 | EPSS 0.11925 | Exploits 3
securityvulns | added 2013/07/10 12:00 a.m. | 65 views

Zoom X4/X5 ADSL Modem and Router - Unauthenticated Remote Root Command Execution

Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...

AI score 0.8 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 168 views

VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability

VUPEN Security Research - Oracle Java Applet Preloader Click-2-Play Warning Bypass Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Java is the foundation for virtually every type of networked application and is the global standa...

AI score 0.6 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 77 views

ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2013-029 CVE Identifier: CVE-2013-0941 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected Products: RSA Authentication API versions prior to 8.1 SP1 RSA Web Agent for Apache Web Server versions prior to 5.3.5 RSA Web Agent for IIS versions prior to...

CVSS 2.1 | AI score 0.2 | EPSS 0.01263 | Exploits 0
securityvulns | added 2013/07/10 12:00 a.m. | 36 views

RSA SecurID weak encryption

Symmetric key is stored locally with weak encryption...

CVSS 2.1 | AI score 3.3 | EPSS 0.01263 | Exploits 0 | References 1
securityvulns | added 2013/07/08 12:00 a.m. | 58 views

[ MDVSA-2013:192 ] php-radius

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:192 http://www.mandriva.com/en/support/security/ Package : php-radius Date : July 2, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A security vulnerability was discovered and...

CVSS 7.5 | AI score 6.3 | EPSS 0.03684 | Exploits 1
securityvulns | added 2013/07/08 12:00 a.m. | 48 views

[USN-1896-1] Module::Signature perl module vulnerability

========================================================================== Ubuntu Security Notice USN-1896-1 July 03, 2013 libmodule-signature-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

CVSS 4.4 | AI score 0.9 | EPSS 0.00553 | Exploits 1
securityvulns | added 2013/07/08 12:00 a.m. | 74 views

Content Spoofing vulnerabilities in TinyMCE and WordPress

Hello 3APA3A! These are Content Spoofing vulnerabilities in TinyMCE and WordPress, which I've disclosed on Wednesday. In 2011 I already wrote about Content Spoofing in Moxieplayer, when I wrote concerning multiple vulnerabilities in TinyMCE http://securityvulns.ru/docs27349.html, which is a...

AI score 0.3 | Exploits 0
securityvulns | added 2013/07/08 12:00 a.m. | 62 views

[CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: WinAmp Vendor URL: www.winamp.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2013-06-05 Date published: 2013-07-01 CVSSv2 Score: Bug 1: 7,5 AV:N/AC:L/Au:N/C:P/I:P/A:P Bug 2: 3,7...

CVSS 7.5 | AI score 8.1 | EPSS 0.17215 | Exploits 9
securityvulns | added 2013/07/08 12:00 a.m. | 47 views

AFU vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead...

AI score 1.8 | Exploits 0
securityvulns | added 2013/07/08 12:00 a.m. | 20 views

autotrace buffer overflow

Buffer overflow on BMP processing...

CVSS 6.8 | AI score 5.7 | EPSS 0.01731 | Exploits 0 | References 1 | Affected Software 1
securityvulns | added 2013/07/08 12:00 a.m. | 48 views

[ MDVSA-2013:190 ] autotrace

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:190 http://www.mandriva.com/en/support/security/ Package : autotrace Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated autotrace package fixes security vulnerability: Stack-based...

CVSS 6.8 | AI score 9.7 | EPSS 0.01731 | Exploits 0
securityvulns | added 2013/07/08 12:00 a.m. | 108 views

[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin

waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-105.html Description of...

AI score 7.2 | Exploits 0
securityvulns | added 2013/07/08 12:00 a.m. | 29 views

perl Module::Signature privilege escalation

Relative path is used to execute external application...

CVSS 4.4 | AI score 3.1 | EPSS 0.00553 | Exploits 1 | References 1

Total number of security vulnerabilities: 47153