Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities
The WordPress category-grid-view-galler plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase http://exploit.iedb.ir Exploit Title : WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities Author : Iranian Exploit DataBase Discovered By : IeDb...
XSS and FPD vulnerabilities in Search 'N Save for WordPress
Hello 3APA3A! I want to inform you about vulnerabilities in Search 'N Save plugin for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I wrote about Cross-Site Scripting...
Vulnerabilities in multiple plugins for WordPress with VideoJS
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with VideoJS. Earlier I wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is a popular video and audio player, which is used at hundreds of thousands of web sites...
autotrace buffer overflow
Buffer overflow on BMP processing...
XSS and FPD vulnerabilities in I Love It New theme for WordPress
Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in I Love It New theme for WordPress. This is a commercial premium theme. Earlier I wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21 and in multiple web applications...
FPD, XSS and CS vulnerabilities in Slash WP theme for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is commercial theme for WP. These are Full path disclosure, Cross-Site Scripting and Content Spoofing vulnerabilities. ------------------------- Affected products: -------------------------...
libvirt DoS
Resources exhaustion...
Denial of Service in WordPress
Hello 3APA3A! These are Denial of Service vulnerabilities in WordPress. Which I've disclosed two days ago http://websecurity.com.ua/6600/. About XSS vulnerabilities in WordPress, which exist in two redirectors, I wrote last year http://securityvulns.ru/docs27917.html. About Redirector vulnerabilitie...
ElasticSearch double free
ElasticSearch rsyslog plugin double free...
Multiple vulnerabilities in multiple themes for WordPress with VideoJS
Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with VideoJS. Earlier I wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is a popular video and audio player, which is used at hundred...
Content Spoofing vulnerabilities in TinyMCE and WordPress
Hello 3APA3A! These are Content Spoofing vulnerabilities in TinyMCE and WordPress. Which I've disclosed on Wednesday. In 2011 I already wrote about Content Spoofing in Moxieplayer, when I wrote concerning multiple vulnerabilities in TinyMCE http://securityvulns.ru/docs27349.html, which is a...
php-radius buffer overflow
Buffer overflow in radius_get_vendor_attr...
WordPress feed plugin Sql Injection
The WordPress feed plugin suffers from a Sql Injection vulnerability. Iranian Exploit DataBase http://exploit.iedb.ir Exploit Title : WordPress feed plugin Sql Injection Author : Iranian Exploit DataBase Discovered By : IeDb Email : [email protected] Home : http://exploit.iedb.ir Software Link ...
LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory 2013-07-03 === rsyslog ElasticSearch Plugin - Double Free Memory Corruption - ------------------------------------------------------------ Affected Version ================ rsyslog 7.4.0 stable...
[ MDVSA-2013:191 ] fail2ban
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:191 http://www.mandriva.com/en/support/security/ Package : fail2ban Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated fail2ban packages fix CVE-2013-2178 Krzysztof...
WordPress Denial of Service exploit
Hello 3APA3A! Here is my version of vnd's PoC https://vndh.net/note:wordpress-351-denial-service. This exploit is for Denial of Service vulnerability in WordPress 3.4 - 3.5.1. My version solves some issues in original PoC. Concerning this Denial of Service in WordPress. As I wrote last week in my...
Cross-Site Scripting vulnerabilities in WordPress
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in WordPress. Which I've disclosed last week. At WordPress 3.5.2 release, WP developers mentioned about three holes as "security hardenings" to decrease their importance and to make it look like there were less fixed holes. One of thes...
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-105.html Description of...
Wordpress wp-private-messages Plugin Sql Injection vulnerability
The Wordpress wp-private-messages Plugin suffers from a Sql Injection vulnerability. Iranian Exploit DataBase Www.exploit.IrIsT.Ir Exploit Title : Wordpress wp-private-messages Plugin Sql Injection vulnerability Author : Iranian Exploit DataBase Discovered By : IeDb Home : http://exploit.IrIsT.Ir...
WinAmp security vulnerabilities
Buffer overflow, uninitialized pointer dereference...
FPD and Security bypass vulnerabilities in AntiVirus for WordPress
Hello 3APA3A! These are Full path disclosure and Security bypass vulnerabilities in AntiVirus for WordPress. This is security plugin for detecting exploits and backdoors in WordPress. Which failed to identify my Backdoored Web Application BWA - a reference test of backdoor scanners released in...
[ MDVSA-2013:192 ] php-radius
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:192 http://www.mandriva.com/en/support/security/ Package : php-radius Date : July 2, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A security vulnerability was discovered and...
perl Module::Signature privilege escalation
Relative path is used to execute external application...
Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access
Vulnerable products : Linksys EA2700, EA3500, E4200, EA4500 using lighttpd 1.4.28 and Utopia on Linux 2.6.22 Firmware Version: 1.0.14 EA2700 Firmware Version: 1.0.30 EA3500 Firmware Version: 2.0.36 E4200 Firmware Version: 2.0.36 EA4500 Impact: - Major Timeline: - Still awaiting word back from...
[USN-1896-1] Module::Signature perl module vulnerability
========================================================================== Ubuntu Security Notice USN-1896-1 July 03, 2013 libmodule-signature-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
[USN-1895-1] libvirt vulnerability
========================================================================== Ubuntu Security Notice USN-1895-1 July 02, 2013 libvirt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities
Title: ====== AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities Date: ===== 2013-06-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=963 VL-ID: ===== 963 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: =============...
[CVE-2013-4695] WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: WinAmp Vendor URL: www.winamp.com Type: Pointer Issues CWE-465 Date found: 2013-06-05 Date published: 2013-07-01 CVSSv2 Score: 4,4 AV:L/AC:M/Au:N/C:P/I:P/A:P CVE: CVE-2013-4695 2. CREDITS...
AVAST Universal Core Installer - Multiple Vulnerabilities
Title: ====== AVAST Universal Core Installer - Multiple Vulnerabilities Date: ===== 2013-06-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=966 VL-ID: ===== 965 Common Vulnerability Scoring System: ==================================== 4.2 Introduction: =============...
perl-Dancer headers injection
headers injection in cookie handling methods...
[SECURITY] [DSA 2718-1] wordpress security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2718-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 01, 2013 http://www.debian.org/security/faq -...
[CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: WinAmp Vendor URL: www.winamp.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2013-06-05 Date published: 2013-07-01 CVSSv2 Score: Bug 1: 7,5 AV:N/AC:L/Au:N/C:P/I:P/A:P Bug 2: 3,7...
AFU vulnerabilities in MCImageManager for TinyMCE
Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead...
HAProxy security vulnerabilities
Few memory corruptions...
CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack overflow during XPointer evaluation Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to...
Ruby certificate spoofing
It's possible to bypass certificate name check...
[slackware-security] ruby (SSA:2013-178-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security ruby SSA:2013-178-01 New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
CVE-2013-2155: Apache Santuario C++ denial of service vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2155: Apache Santuario XML Security for C++ contains denial of service and hash length bypass issues while processing HMAC signatures Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security...
[ MDVSA-2013:180 ] curl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:180 http://www.mandriva.com/en/support/security/ Package : curl Date : June 27, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and correcte...
[USN-1885-1] libKDcraw vulnerability
========================================================================== Ubuntu Security Notice USN-1885-1 June 18, 2013 libkdcraw vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Apple iOS personal hotspot unauthorized access
Password is generated using short wordlist...
FreeBSD mmap+ptrace vulnerability
It's possible to modify mmap memory mapped files via ptrace...
Apple and Wifi Hotspot Credentials Management Vulnerability
This vulnerability was published to the OWASP Mobile Security list as a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See "Cracking iOS personal hotspots using a Scrabble crossword game word list,"...
nfs-utils rpc.gssd privilege escalation
Unsafe PTR DNS record resolution is used in a security related operation...
libRaw / libKDcraw memory corruption
Memory corruption on full-color images processing...
puppet code execution
Code execution via YAML object deserialization...
Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability
Title: ====== Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability Date: ===== 2013-06-21 References: =========== http://vulnerability-lab.com/getcontent.php?id=777 BARRACUDA NETWORK SECURITY ID: BNSEC-834 VL-ID: ===== 777 Common Vulnerability Scoring System:...
Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)
$ uname -a FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE 0 r243825: Tue Dec 4 09:23:10 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64 $ id uid=1001hunger gid=1002hunger groups=1002hunger $ gcc fbsd9lul.c -o fbsd9lul $ ./fbsd9lul FreeBSD 9.0,1 mmap/ptrace exploit by...
OpenStack multiple security vulnerabilities
Keystone protection bypass and authentication bypass, Nova DoS...