
47153 matches found

securityvulns
•added 2013/07/08 12:0 a.m.•57 views

[ MDVSA-2013:184 ] perl-Dancer

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:184 http://www.mandriva.com/en/support/security/ Package : perl-Dancer Date : June 27, 2013 Affected: Business Server 1.0 Problem Description: Updated perl-Dancer package fixes CVE-2012-5572 A security flaw...

5 CVSS • 6.2 AI score • 0.01497 EPSS
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•51 views

WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities

The WordPress category-grid-view-galler plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase http://exploit.iedb.ir Exploit Title : WordPress category-grid-view-galler plugin Cross-Site Scripting Vulnerabilities Author : Iranian Exploit DataBase Discovered By : IeDb...

0.3 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•170 views

Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access

Vulnerable products : Linksys EA2700, EA3500, E4200, EA4500 using lighttpd 1.4.28 and Utopia on Linux 2.6.22 Firmware Version: 1.0.14 EA2700 Firmware Version: 1.0.30 EA3500 Firmware Version: 2.0.36 E4200 Firmware Version: 2.0.36 EA4500 Impact: - Major Timeline: - Still awaiting word back from...

1.8 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•72 views

WordPress feed plugin Sql Injection

The WordPress feed plugin suffers from a Sql Injection vulnerability. Iranian Exploit DataBase http://exploit.iedb.ir Exploit Title : WordPress feed plugin Sql Injection Author : Iranian Exploit DataBase Discovered By : IeDb Email : [email protected] Home : http://exploit.iedb.ir Software Link ...

0.5 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•53 views

FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress

Hello 3APA3A! These are Full path disclosure and Security bypass vulnerabilities in Exploit Scanner for WordPress. This is security plugin for detecting exploits and backdoors in WordPress. Which failed to identify my Backdoored Web Application BWA - a reference test of backdoor scanners released...

0.5 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•41 views

Multiple vulnerabilities in multiple themes for WordPress with VideoJS

Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with VideoJS. Earlier I've written about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundred...

6.3 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•55 views

XSS and FPD vulnerabilities in I Love It New theme for WordPress

Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in I Love It New theme for WordPress. This is commercial premium theme. Earlier I've written about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21 and in multiple web applications...

0.1 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•42 views

AVAST Universal Core Installer - Multiple Vulnerabilities

Title: ====== AVAST Universal Core Installer - Multiple Vulnerabilities Date: ===== 2013-06-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=966 VL-ID: ===== 965 Common Vulnerability Scoring System: ==================================== 4.2 Introduction: =============...

7.4 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•32 views

WordPress Denial of Service exploit

Hello 3APA3A! Here is my version of vnd's PoC https://vndh.net/note:wordpress-351-denial-service. This exploit is for Denial of Service vulnerability in WordPress 3.4 - 3.5.1. My version solves some issues in original PoC. Concerning this Denial of Service in WordPress. As I wrote last week in my...

0.6 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•55 views

AFU vulnerabilities in MCFileManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode File Manager MCFileManager. This is commercial plugin for TinyMCE. It concerns as MCFileManager, as all web applications which have MCFileManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to...

2.4 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•75 views

[SECURITY] [DSA 2718-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2718-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 01, 2013 http://www.debian.org/security/faq -...

6.4 CVSS • 1.4 AI score • 0.28857 EPSS
Exploits 6
securityvulns
•added 2013/07/08 12:0 a.m.•32 views

Cross-Site Scripting vulnerabilities in WordPress

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in WordPress. Which I've disclosed last week. At WordPress 3.5.2 release, WP developers mentioned about three holes as "security hardenings" to decrease their importance and to make it look like there were less fixed holes. One of thes...

6.2 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•60 views

LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory 2013-07-03 === rsyslog ElasticSearch Plugin - Double Free Memory Corruption - ------------------------------------------------------------ Affected Version ================ rsyslog 7.4.0 stable...

6.8 CVSS • 0.0233 EPSS
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•32 views

perl-Dancer headers injection

headers injection in cookie handling methods...

5 CVSS • 2.7 AI score • 0.01497 EPSS
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/07/08 12:0 a.m.•140 views

Vulnerabilities in multiple plugins for WordPress with VideoJS

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with VideoJS. Earlier I've written about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundreds thousands of web sites...

6.3 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•47 views

[CVE-2013-4695] WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: WinAmp Vendor URL: www.winamp.com Type: Pointer Issues CWE-465 Date found: 2013-06-05 Date published: 2013-07-01 CVSSv2 Score: 4,4 AV:L/AC:M/Au:N/C:P/I:P/A:P CVE: CVE-2013-4695 2. CREDITS...

0.2 AI score • 0.05282 EPSS
Exploits 6
securityvulns
•added 2013/07/08 12:0 a.m.•35 views

libvirt DoS

Resources exhaustion...

5 CVSS • 1.9 AI score • 0.03513 EPSS
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/07/08 12:0 a.m.•28 views

Avast antiviral products multiple security vulnerabilities

Privilege escalations...

2.9 AI score
Exploits 0 • References 3
securityvulns
•added 2013/07/08 12:0 a.m.•78 views

[USN-1895-1] libvirt vulnerability

========================================================================== Ubuntu Security Notice USN-1895-1 July 02, 2013 libvirt vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

5 CVSS • 0.6 AI score • 0.03513 EPSS
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•50 views

FPD, XSS and CS vulnerabilities in Slash WP theme for WordPress

Hello 3APA3A! I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is commercial theme for WP. These are Full path disclosure, Cross-Site Scripting and Content Spoofing vulnerabilities. ------------------------- Affected products: -------------------------...

6 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•61 views

XSS and FPD vulnerabilities in Search 'N Save for WordPress

Hello 3APA3A! I want to inform you about vulnerabilities in Search 'N Save plugin for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I wrote about Cross-Site Scripting...

0.3 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•59 views

Denial of Service in WordPress

Hello 3APA3A! These are Denial of Service vulnerabilities in WordPress. Which I've disclosed two days ago http://websecurity.com.ua/6600/. About XSS vulnerabilities in WordPress, which exist in two redirectors, I wrote last year http://securityvulns.ru/docs27917.html. About Redirector vulnerabilitie...

1 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•35 views

WordPress 3.5.1, Denial of Service

Version 3.5.1 latest of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module class-phpass.php. The exploitation of this vulnerability is possible only when at least one post is protected by a password. Time frames: 31.05.2013...

1.4 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•43 views

[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin

waraxe-2013-SA104 - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-104.html Descriptio...

Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•41 views

AVAST Internet Security Suite - Persistent Vulnerabilities

Title: ====== AVAST Internet Security Suite - Persistent Vulnerabilities Date: ===== 2013-06-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=969 VL-ID: ===== 969 Common Vulnerability Scoring System: ==================================== 3.4 Introduction: =============...

7.6 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•39 views

WinAmp security vulnerabilities

Buffer overflow, uninitialized pointer dereference...

7.5 CVSS • 3.9 AI score • 0.17215 EPSS
Exploits 14 • References 2 • Affected Software 1
securityvulns
•added 2013/07/08 12:0 a.m.•36 views

AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities

Title: ====== AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities Date: ===== 2013-06-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=963 VL-ID: ===== 963 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: =============...

8.1 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•37 views

ElasticSearch double free

ElasticSearch rsyslog plugin double free...

6.8 CVSS • 2.1 AI score • 0.0233 EPSS
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/07/08 12:0 a.m.•34 views

Wordpress wp-private-messages Plugin Sql Injection vulnerability

The Wordpress wp-private-messages Plugin suffers from a Sql Injection vulnerability. Iranian Exploit DataBase Www.exploit.IrIsT.Ir Exploit Title : Wordpress wp-private-messages Plugin Sql Injection vulnerability Author : Iranian Exploit DataBase Discovered By : IeDb Home : http://exploit.IrIsT.Ir...

0.3 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•37 views

php-radius buffer overflow

Buffer overflow in radiusgetvendorattr...

7.5 CVSS • 3.7 AI score • 0.03684 EPSS
Exploits 1 • References 1 • Affected Software 1
securityvulns
•added 2013/07/08 12:0 a.m.•41 views

FPD and Security bypass vulnerabilities in AntiVirus for WordPress

Hello 3APA3A! These are Full path disclosure and Security bypass vulnerabilities in AntiVirus for WordPress. This is security plugin for detecting exploits and backdoors in WordPress. Which failed to identify my Backdoored Web Application BWA - a reference test of backdoor scanners released in...

0.8 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•44 views

XSS and FPD vulnerabilities in Search and Share for WordPress

Hello 3APA3A! I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I've written about Cross-Site Scripting...

5.7 AI score
Exploits 0
securityvulns
•added 2013/07/08 12:0 a.m.•46 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

4.3 CVSS • 1.6 AI score • 0.03373 EPSS
Exploits 3 • References 21 • Affected Software 9
securityvulns
•added 2013/07/08 12:0 a.m.•55 views

[ MDVSA-2013:191 ] fail2ban

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:191 http://www.mandriva.com/en/support/security/ Package : fail2ban Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated fail2ban packages fix CVE-2013-2178 Krzysztof...

5 CVSS • 6.3 AI score • 0.01763 EPSS
Exploits 0
securityvulns
•added 2013/07/01 12:0 a.m.•70 views

[slackware-security] ruby (SSA:2013-178-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security ruby SSA:2013-178-01 New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...

6.8 CVSS • 5.8 AI score • 0.02767 EPSS
Exploits 0
securityvulns
•added 2013/07/01 12:0 a.m.•62 views

Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)

$ uname -a FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE 0 r243825: Tue Dec 4 09:23:10 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64 $ id uid=1001hunger gid=1002hunger groups=1002hunger $ gcc fbsd9lul.c -o fbsd9lul $ ./fbsd9lul FreeBSD 9.0,1 mmap/ptrace exploit by...

0.6 AI score
Exploits 0
securityvulns
•added 2013/07/01 12:0 a.m.•56 views

CVE-2013-2210

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2210: Apache Santuario XML Security for C++ contains a heap overflow during XPointer evaluation Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to...

7.5 CVSS • 0.7 AI score • 0.08031 EPSS
Exploits 1
securityvulns
•added 2013/07/01 12:0 a.m.•47 views

HAProxy security vulnerabilities

Few memory corruptions...

5.1 CVSS • 2.2 AI score • 0.05464 EPSS
Exploits 0 • References 2 • Affected Software 1
securityvulns
•added 2013/07/01 12:0 a.m.•37 views

Barracuda CudaTel 2.6.02.04 - Multiple Web Vulnerabilities

Title: ====== Barracuda CudaTel 2.6.02.04 - Multiple Web Vulnerabilities Date: ===== 2013-06-25 References: =========== http://vulnerability-lab.com/getcontent.php?id=778 BARRACUDA NETWORK SECURITY ID: BNSEC-811 VL-ID: ===== 778 Common Vulnerability Scoring System:...

7.1 AI score
Exploits 0
securityvulns
•added 2013/07/01 12:0 a.m.•49 views

OpenStack multiple security vulnerabilities

Keystone protection bypass and authentication bypass, Nova DoS...

7.5 CVSS • 3.2 AI score • 0.06518 EPSS
Exploits 2 • References 4 • Affected Software 4
securityvulns
•added 2013/07/01 12:0 a.m.•83 views

[USN-1887-1] OpenStack Swift vulnerabilities

========================================================================== Ubuntu Security Notice USN-1887-1 June 20, 2013 swift vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

7.5 CVSS • 0.8 AI score • 0.06518 EPSS
Exploits 0
securityvulns
•added 2013/07/01 12:0 a.m.•43 views

Ruby certificate spoofing

It's possible to bypass certificate name check...

6.8 CVSS • 1.5 AI score • 0.02767 EPSS
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/07/01 12:0 a.m.•55 views

CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack overflow during XPointer evaluation Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security for C++ library versions prior to...

7.5 CVSS • 0.6 AI score • 0.08031 EPSS
Exploits 1
securityvulns
•added 2013/07/01 12:0 a.m.•43 views

[USN-1884-1] LibRaw vulnerability

========================================================================== Ubuntu Security Notice USN-1884-1 June 18, 2013 libraw vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

7.5 CVSS • 0.9 AI score • 0.04412 EPSS
Exploits 1
securityvulns
•added 2013/07/01 12:0 a.m.•42 views

[USN-1885-1] libKDcraw vulnerability

========================================================================== Ubuntu Security Notice USN-1885-1 June 18, 2013 libkdcraw vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5 CVSS • 0.8 AI score • 0.04412 EPSS
Exploits 1
securityvulns
•added 2013/07/01 12:0 a.m.•30 views

libRaw / libKDcraw memory corruption

Memory corruption on full-color images processing...

7.5 CVSS • 2.7 AI score • 0.04412 EPSS
Exploits 1 • References 2 • Affected Software 2
securityvulns
•added 2013/07/01 12:0 a.m.•63 views

[USN-1889-1] HAProxy vulnerability

========================================================================== Ubuntu Security Notice USN-1889-1 June 20, 2013 haproxy vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

5 CVSS • 0.8 AI score • 0.03519 EPSS
Exploits 0
securityvulns
•added 2013/07/01 12:0 a.m.•41 views

puppet code execution

Code execution via YAML object deserialization...

7.5 CVSS • 4 AI score • 0.03408 EPSS
Exploits 0 • Affected Software 1
securityvulns
•added 2013/07/01 12:0 a.m.•56 views

[SECURITY] [DSA 2717-1] xml-security-c security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2717-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 28, 2013 http://www.debian.org/security/faq -...

7.5 CVSS • 2.6 AI score • 0.08031 EPSS
Exploits 1
securityvulns
•added 2013/07/01 12:0 a.m.•41 views

Apple and Wifi Hotspot Credentials Management Vulnerability

This vulnerability was published to the OWASP Mobile Security list as a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See "Cracking iOS personal hotspots using a Scrabble crossword game word list,"...

0.3 AI score
Exploits 0
Total number of security vulnerabilities: 47153