47153 matches found

securityvulns
added 2013/07/15 12:0 a.m., 59 views

(CVE-2013-1059) Linux Kernel libceph Null Pointer Dereference Vulnerability

Original URL: http://hkpco.kr/advisory/CVE-2013-1059.txt Linux Kernel libceph Null Pointer Dereference Vulnerability CVE-2013-1059 Author - Chanam Park @hkpco Website - http://hkpco.kr/ Date - 2013. 07. 06 0. Introduction This is very brief advisory just to record the vulnerability which I...

7.8 CVSS, 7.3 AI score, 0.01137 EPSS
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m., 46 views

libxml2 DoS

Out-of-memory reading on incomplete document parsing...

5 CVSS, 2.9 AI score, 0.00628 EPSS
Exploits: 0, Affected Software: 1

securityvulns
added 2013/07/15 12:0 a.m., 66 views

SQL Injection in Dolphin

Advisory ID: HTB23157 Product: Dolphin Vendor: BoonEx Vulnerable Versions: 7.1.2 and probably prior Tested Version: 7.1.2 Vendor Notification: May 22, 2013 Vendor Patch: May 29, 2013 Public Disclosure: June 12, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-3638 Risk Level:...

9.3 AI score, 0.0037 EPSS
Exploits: 1

securityvulns
added 2013/07/15 12:0 a.m., 60 views

MiniUPnPd Information Disclosure (CVE-2013-2600)

Hi list, I am writing to inform you of an information disclosure vulnerability I noticed in MiniUPnPd a few months back. Specifically, MiniUPnPd versions 1.8 and earlier are prone to an information disclosure vulnerability due to improper use of snprintf while preparing SSDP responses. An attacke...

6.8 AI score, 0.00493 EPSS
Exploits: 1

securityvulns
added 2013/07/15 12:0 a.m., 31 views

Cisco ASA NGFW DoS

Fragmented packets DoS...

7.8 CVSS, 2.1 AI score, 0.00427 EPSS
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m., 75 views

CS, XSS and FPD vulnerabilities in WordPress

Hello 3APA3A! These are Content Spoofing, Cross-Site Scripting and Full path disclosure vulnerabilities in WordPress. At WordPress 3.5.2 release the same at 3.5.1 release, WP developers mentioned about multiple fixed holes, but not about all - to make it looks like there were less fixed holes. So...

0.2 AI score
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m., 40 views

Adobe Shockwave Player multiple security vulnerabilities

Memory corruption, code execution...

10 CVSS, 3.1 AI score, 0.09187 EPSS
Exploits: 0, Affected Software: 1

securityvulns
added 2013/07/15 12:0 a.m., 45 views

EMC RSA Authentication Manager security vulnerabilities

Information leakage, SQL injection...

6.5 CVSS, 3.7 AI score, 0.81124 EPSS
Exploits: 3, References: 2, Affected Software: 1

securityvulns
added 2013/07/15 12:0 a.m., 55 views

Multiple XSS Vulnerabilities in Xaraya

Advisory ID: HTB23156 Product: Xaraya Vendor: Xaraya Development Group Vulnerable Versions: 2.4.0-b1 and probably prior Tested Version: 2.4.0-b1 Vendor Notification: May 15, 2013 Public Disclosure: June 26, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2013-3639 Risk...

4.3 CVSS, 0.8 AI score, 0.06262 EPSS
Exploits: 2

securityvulns
added 2013/07/15 12:0 a.m., 107 views

[Full-disclosure] Magnolia CMS multiple access control vulnerabilities

Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...

1.9 AI score, 0.00125 EPSS
Exploits: 1

securityvulns
added 2013/07/15 12:0 a.m., 61 views

ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability

ESA-2013-052.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-052: RSA® Authentication Manager Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2013-052 CVE Identifier: CVE-2013-3273 Severity Rating: CVSS v2 Base Score: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Affected Products:...

2.1 CVSS, 0.5 AI score, 0.00053 EPSS
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m., 70 views

SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF

SEC Consult Vulnerability Lab Security Advisory 20130709-0 ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed version: Apache CXF 2.5.10, 2.6.7 and...

5 CVSS, 0.1 AI score, 0.12253 EPSS
Exploits: 6

securityvulns
added 2013/07/15 12:0 a.m., 24 views

EMC Replication Manager information leakage

Passwords are logged...

2.1 CVSS, 1.5 AI score, 0.00057 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2013/07/15 12:0 a.m., 81 views

EMC RSA BSAFE multiple security vulnerabilities

SSL-related attacks...

4.3 CVSS, 3.4 AI score, 0.03832 EPSS
Exploits: 4, References: 3, Affected Software: 3

securityvulns
added 2013/07/15 12:0 a.m., 175 views

ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability

ESA-2013-045.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery aka “Lucky Thirteen” Vulnerability EMC Identifier: ESA-2013-045 CVE Identifier: CVE-2013-0169 Severity Rating: CVSS v2 Base Score: 2.6...

2.6 CVSS, 7.1 AI score, 0.00943 EPSS
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m., 102 views

ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities

ESA-2013-039.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2013-039 CVE Identifier: CVE-2011-3389, CVE-2013-0169 Severity Rating: CVSS v2 Base Score: Refer NVD http://nvd.nist.gov/ for individual scores for each CVE...

4.3 CVSS, 0.2 AI score, 0.03832 EPSS
Exploits: 4

securityvulns
added 2013/07/15 12:0 a.m., 39 views

Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability

Title: ====== Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability Date: ===== 2013-06-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=989 VL-ID: ===== 989 Common Vulnerability Scoring System: ==================================== 6.8 Introduction:...

0.6 AI score
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m., 34 views

Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities

Title: ====== Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities Date: ===== 2013-02-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=883 VL-ID: ===== 883 Common Vulnerability Scoring System: ==================================== 6.2 Introduction: =============...

0.5 AI score
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m., 50 views

Adobe Acrobat / Reader multiple security vulnerabilities

Multiple memory corruptions, code execution, privilege escalation...

10 CVSS, 3.3 AI score, 0.89612 EPSS
Exploits: 8, References: 1, Affected Software: 2

securityvulns
added 2013/07/15 12:0 a.m., 117 views

Apache security vulnerabilities

mod_dav malformed MERGE request crash, mod_rewrite log manipulation...

7.5 CVSS, 1.7 AI score, 0.52396 EPSS
Exploits: 6, References: 1, Affected Software: 1

securityvulns
added 2013/07/15 12:0 a.m., 131 views

CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...

4.2 AI score, 0.00653 EPSS
Exploits: 1

securityvulns
added 2013/07/15 12:0 a.m., 31 views

ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability

ESA-2013-050.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2013-050 CVE Identifier: CVE-2013-3272 Severity Rating: CVSS v2 Base Score: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Affected products: EMC...

2.1 CVSS, 0.4 AI score, 0.00057 EPSS
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m., 41 views

Hard-coded accounts on multiple network cameras

Hard-coded accounts on multiple network cameras =============================================== ADVISORY INFORMATION Title: Hard-coded accounts on multiple network cameras Discovery date: 05/06/2013 Release date: 11/07/2013 Advisory URL: http://goo.gl/82Rlb Credits: Roberto Paleari...

0.5 AI score
Exploits: 0

securityvulns
added 2013/07/15 12:0 a.m., 92 views

[ MDVSA-2013:194 ] kernel

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:194 http://www.mandriva.com/en/support/security/ Package : kernel Date : July 11, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been found and corrected in the Linux...

7.9 CVSS, 8.7 AI score, 0.15108 EPSS
Exploits: 8

securityvulns
added 2013/07/15 12:0 a.m., 92 views

Multiple Vulnerabilities in Kasseler CMS

Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

7.5 CVSS, 0.3 AI score, 0.02398 EPSS
Exploits: 7

securityvulns
added 2013/07/10 12:0 a.m., 163 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Memory corruption, use-after-free, privilege escalation, information leakage...

10 CVSS, 2.8 AI score, 0.21901 EPSS
Exploits: 6, References: 1, Affected Software: 3

securityvulns
added 2013/07/10 12:0 a.m., 117 views

nginx buffer overflow

Buffer overflow on proxy_pass upstream HTTP server response processing. Buffer overflow on chunked response parsing...

7.5 CVSS, 2.9 AI score, 0.93039 EPSS
Exploits: 18, References: 1, Affected Software: 1

securityvulns
added 2013/07/10 12:0 a.m., 160 views

VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability

VUPEN Security Research - Oracle Java Applet Preloader Click-2-Play Warning Bypass Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Java is the foundation for virtually every type of networked application and is the global standa...

0.6 AI score
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m., 46 views

Re: OS-Command Injection via UPnP Interface in multiple D-Link devices

I can concur these issues exist in several other models as well. In fact, on any UPnP enabled D-Link from 868L and down, merely selecting "Display Hidden Elements" inside the developer tool bar, will expose the entire administrative GUI. Additional models I found the same bug, though I'm so sure...

0.4 AI score
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m., 79 views

[SECURITY] [DSA 2721-1] nginx security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2721-1 [email protected] http://www.debian.org/security/ Nico Golde July 07, 2013 http://www.debian.org/security/faq -...

5.8 CVSS, 3.3 AI score, 0.06821 EPSS
Exploits: 3

securityvulns
added 2013/07/10 12:0 a.m., 36 views

Authentication bypass in D-Link routers

Vendor: D-Link Affected Products: -DIR-505L SharePort Mobile Companion HW: A1 / FW: 1.01 -DIR-826L Wireless N600 Cloud Router HW: A1 / FW: 1.02 Vendor Notification: April 8, 2013 Public Disclosure: July 8, 2013 Vulnerability Type: Authentication Bypass CVE Reference: CVE-2013-4772 Solution Status...

9.3 CVSS, 2.2 AI score, 0.00141 EPSS
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m., 78 views

[security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03813919 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03813919 Version: 2 HPSBST02890 rev....

7.7 CVSS, 0.7 AI score, 0.00119 EPSS
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m., 48 views

Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access and modification. A user who is logged in via the HPSupport user account does not have access to the dat...

2.9 AI score
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m., 50 views

Authentication bypass in D-Link devices (session cookies not validated)

Vendor: D-Link Affected Products: -DIR-505L SharePort Mobile Companion HW: A1 / FW: 1.01 -DIR-826L Wireless N600 Cloud Router HW: A1 / FW: 1.02 Vendor Notification: April 8, 2013 Public Disclosure: July 8, 2013 Vulnerability Type: Authentication Bypass CVE Reference: CVE-2013-4772 Solution Status...

9.3 CVSS, 1.3 AI score, 0.00141 EPSS
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m., 29 views

RSA SecurID weak encryption

Symmetric key is stored locally with weak encryption...

2.1 CVSS, 3.3 AI score, 0.00039 EPSS
Exploits: 0, References: 1

securityvulns
added 2013/07/10 12:0 a.m., 40 views

HP StoreOnce D2D unauthorized access

There is a built-in support account with permissions to reset the administrator's password...

7.7 CVSS, 2.5 AI score, 0.00119 EPSS
Exploits: 0, References: 2

securityvulns
added 2013/07/10 12:0 a.m., 59 views

Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution

Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...

0.8 AI score
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m., 57 views

VUPEN Security Research - Mozilla Firefox Maintenance Service Privilege Escalation Vulnerabilities

VUPEN Security Research - Mozilla Firefox Maintenance Service Local Privilege Escalation Vulnerabilities Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Mozilla Firefox is a free and open source web browser coordinated by Mozilla Corporation a...

1.6 AI score
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m., 73 views

OS-Command Injection via UPnP Interface in multiple D-Link devices

Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 / DAP1522 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B - 2.14b01 DIR-600 - 2.16b01 DIR-645 - 1.04b01 DIR-845 - 1.01b02 DIR-865 - 1.05b03 Other devices and firmware versions may be also...

0.5 AI score
Exploits: 0

securityvulns
added 2013/07/10 12:0 a.m., 28 views

Zoom routers unauthorized access

Authentication bypass, protection bypass...

5.5 AI score
Exploits: 0, References: 1

securityvulns
added 2013/07/10 12:0 a.m., 69 views

ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2013-029 CVE Identifier: CVE-2013-0941 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected Products: RSA Authentication API versions prior to 8.1 SP1 RSA Web Agent for Apache Web Server versions prior to 5.3.5 RSA Web Agent for IIS versions prior to...

2.1 CVSS, 0.2 AI score, 0.00039 EPSS
Exploits: 0

securityvulns
added 2013/07/08 12:0 a.m., 41 views

[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin

waraxe-2013-SA104 - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-104.html Descriptio...

Exploits: 0

securityvulns
added 2013/07/08 12:0 a.m., 42 views

XSS and FPD vulnerabilities in Search and Share for WordPress

Hello 3APA3A! I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I've wrote about Cross-Site Scripting...

5.7 AI score
Exploits: 0

securityvulns
added 2013/07/08 12:0 a.m., 50 views

AFU vulnerabilities in MCFileManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode File Manager MCFileManager. This is commercial plugin for TinyMCE. It concerns as MCFileManager, as all web applications which have MCFileManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to...

2.4 AI score
Exploits: 0

securityvulns
added 2013/07/08 12:0 a.m., 34 views

AVAST Internet Security Suite - Persistent Vulnerabilities

Title: ====== AVAST Internet Security Suite - Persistent Vulnerabilities Date: ===== 2013-06-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=969 VL-ID: ===== 969 Common Vulnerability Scoring System: ==================================== 3.4 Introduction: =============...

7.6 AI score
Exploits: 0

securityvulns
added 2013/07/08 12:0 a.m., 45 views

[ MDVSA-2013:190 ] autotrace

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:190 http://www.mandriva.com/en/support/security/ Package : autotrace Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated autotrace package fixes security vulnerability: Stack-based...

6.8 CVSS, 9.7 AI score, 0.00347 EPSS
Exploits: 0

securityvulns
added 2013/07/08 12:0 a.m., 53 views

[ MDVSA-2013:184 ] perl-Dancer

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:184 http://www.mandriva.com/en/support/security/ Package : perl-Dancer Date : June 27, 2013 Affected: Business Server 1.0 Problem Description: Updated perl-Dancer package fixes CVE-2012-5572 A security flaw...

5 CVSS, 6.2 AI score, 0.00516 EPSS
Exploits: 0

securityvulns
added 2013/07/08 12:0 a.m., 52 views

FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress

Hello 3APA3A! These are Full path disclosure and Security bypass vulnerabilities in Exploit Scanner for WordPress. This is security plugin for detecting exploits and backdoors in WordPress. Which failed to identify my Backdoored Web Application BWA - a reference test of backdoor scanners released...

0.5 AI score
Exploits: 0

securityvulns
added 2013/07/08 12:0 a.m., 33 views

WordPress 3.5.1, Denial of Service

Version 3.5.1 latest of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module class-phpass.php. The exploitation of this vulnerability is possible only when at least one post is protected by a password. Time frames: 31.05.2013...

1.4 AI score
Exploits: 0

securityvulns
added 2013/07/08 12:0 a.m., 27 views

Avast antiviral products multiple security vulnerabilities

Privilege escalations...

2.9 AI score
Exploits: 0, References: 3

Total number of security vulnerabilities: 47153