APPLE-SA-2013-09-20-1 Apple TV 6.0
APPLE-SA-2013-09-20-1 Apple TV 6.0 Apple TV 6.0 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination...
AI Score: 0.1
EPSS: 0.051
Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability
Title: Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability Date: 2013-09-20 References: http://www.vulnerability-lab.com/get_content.php?id=1081 VL-ID: 1081 Common Vulnerability Scoring System: 8.7 Introduction: Monstra is a simple and light-weighted Content Management System written in PHP! A.....
AI Score: 0.6
APPLE-SA-2013-09-18-2 iOS 7 iOS 7 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Root certificates have been updated...
AI Score: 0.5
EPSS: 0.051
Apple Releases Apple TV 6.0, Fixes 50+ Bugs
After a botched software update over the weekend, Apple re-released version 6.0 of its Apple TV product last night, replete with the requisite bells and whistles but not without a slew of security updates and bug fixes. 57 bugs in total are addressed in 6.0; the third update the digital media...
AI Score: -0.1
PT-2013-65: Sensitive Information Disclosure in Jetty
PT-2013-65: Sensitive Information Disclosure in Jetty Vulnerable software Jetty Version: 9.0.5 and earlier Link: http://www.eclipse.org/jetty/ Severity level Severity level: Medium Impact: Sensitive Information Disclosure Access Vector: Remote CVSS v2: Base Score: 5.0 Vector:...
AI Score: -0.1
AI Score: 0.3
AI Score: 0.1
AI Score: 7.1
$_GET not cleaned when parsed from REQUEST_URI
When none of the default methods of determining the request URI have succeeded, the framework will fallback to parsing the raw request URI as passed by the webserver. If this URI has a query string, it will be parsed and $_GET will be updated. In this process, the $_GET variables are not cleaned,.....
AI Score: 6.8
Siemens WinCC TIA Portal Vulnerabilities
Overview This advisory provides mitigation details for a vulnerability that impacts the Siemens WinCC TIA (Totally Integrated Automation) Portal (HMI). Researchers Billy Rios and Terry McCorkle of Cylance; Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, and Ilya Karpov from.....
AI Score: 6.6
EPSS: 0.002
Siemens WinCC TIA Portal Vulnerabilities
OVERVIEW Researchers Timur Yunusov and Sergey Bobrov of Positive Technologies have identified several vulnerabilities in the Siemens WinCC (TIA Portal). A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it...
AI Score: 6.5
EPSS: 0.004
PT-2013-49: Null Byte Injection in Oracle Containers for J2EE
PT-2013-49: Null Byte Injection in Oracle Containers for J2EE Vulnerable software Oracle Containers for J2EE Version: 10.1.3.5 and earlier Link: http://www.oracle.com/technetwork/middleware/ias/downloads/utilsoft-090603.html Severity level Severity level: Medium Impact: Information Disclosure ...
AI Score: 7.3
EPSS: 0.002
PT-2013-47: Directory Traversal in Oracle Containers for J2EE
PT-2013-47: Directory Traversal in Oracle Containers for J2EE Vulnerable software Oracle Containers for J2EE Version: 10.1.3.5 and earlier Link: http://www.oracle.com/technetwork/middleware/ias/downloads/utilsoft-090603.html Severity level Severity level: Medium Impact: Directory Traversal ...
AI Score: 6.4
EPSS: 0.002
PT-2013-48: CRLF Injection in Oracle Containers for J2EE
PT-2013-48: CRLF Injection in Oracle Containers for J2EE Vulnerable software Oracle Containers for J2EE Version: 10.1.3.5 and earlier Link: http://www.oracle.com/technetwork/middleware/ias/downloads/utilsoft-090603.html Severity level Severity level: Medium Impact: CRLF Injection Access...
AI Score: 6.7
EPSS: 0.002
Siemens WinCC 7.2 Multiple Vulnerabilities
OVERVIEW This advisory provides mitigation details for vulnerabilities that impact the Siemens WinCC Web Navigator 7.2. Researchers Alexander Tlyapov, Sergey Gordeychik, and Timur Yunusov of Positive Technologies have identified multiple vulnerabilities in the Siemens WinCC Web Navigator 7.2...
AI Score: 7.9
EPSS: 0.004
APPLE-SA-2013-06-04-2 Safari 6.0.5
APPLE-SA-2013-06-04-2 Safari 6.0.5 Safari 6.0.5 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Visiting a maliciously crafted website may lead to an...
AI Score: 0.1
EPSS: 0.013
APPLE-SA-2013-05-16-1 iTunes 11.0.3
APPLE-SA-2013-05-16-1 iTunes 11.0.3 iTunes 11.0.3 is now available and addresses the following: iTunes Available for: Mac OS X v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: An attacker in a privileged network position may manipulate...
AI Score
EPSS: 0.547
PT-2012-13: Cross-Site Scripting in PHP
PT-2012-13: Cross-Site Scripting in PHP Vulnerable software PHP Version: 5.4.6 and earlier Application link: http://php.net/ Severity level Severity level: Low Impact: Cross-Site Scripting Access Vector: Local CVSS v2: Base Score: 1.7 Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N) CVE: not...
AI Score: -0.2
PT-2012-14: Security Restrictions Bypass in PHP
PT-2012-14: Security Restrictions Bypass in PHP Vulnerable software PHP Version: 5.4.4 and earlier; 5.3.14 and earlier Application link: http://php.net/ Severity level Severity level: Medium Impact: Security Restrictions Bypass Access Vector: Remote CVSS v2: Base Score: 5.0 Vector:...
AI Score: 0.5
EPSS: 0.008
APPLE-SA-2013-03-14-2 Safari 6.0.3
APPLE-SA-2013-03-14-2 Safari 6.0.3 Safari 6.0.3 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2 Impact: Visiting a maliciously crafted website may lead to an...
AI Score
EPSS: 0.02
[PT-2013-17] Arbitrary Files Reading in mnoGoSearch
(PT-2013-17) Positive Technologies Security Advisory Arbitrary Files Reading in mnoGoSearch ---[ Vulnerable software ] mnoGoSearch Version: 3.3.12 and earlier Application link: http://www.mnogosearch.org/ ---[ Severity level ] Severity level: High Impact: Arbitrary Files Reading Access...
AI Score: 0.8
PT-2013-69: Denial of Service in Serv-U File Server
PT-2013-69: Denial of Service in Serv-U File Server Vulnerable software Serv-U File Server Version: 15.0.0.0 and earlier Link: http://www.serv-u.com/ Severity level Severity level: Medium Impact: Denial of Service Access Vector: Remote CVSS v2: Base Score: 5.0 Vector:...
AI Score: 1
PT-2013-67: Sensitive Information Disclosure in Serv-U File Server
PT-2013-67: Sensitive Information Disclosure in Serv-U File Server Vulnerable software Serv-U File Server Version: 15.0.0.0 and earlier Link: http://www.serv-u.com/ Severity level Severity level: High Impact: Information Disclosure Access Vector: Remote CVSS v2: Base Score: 7.8 Vector:...
AI Score: 0.3
AI Score: 7.4
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read Vulnerability
Exploit for cgi platform in category web...
AI Score: 7.1
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File...
AI Score: -0.1
AI Score: -0.1
PT-2013-70: Multiple Cross-Site Scripting (XSS) in Serv-U File Server
PT-2013-70: Multiple Cross-Site Scripting (XSS) in Serv-U File Server Vulnerable software Serv-U File Server Version: 15.0.1.20 and earlier Link: http://www.serv-u.com/ Severity level Severity level: Medium Impact: Cross-Site Scripting Access Vector: Remote CVSS v2: Base Score: 4.3 Vector:...
AI Score: 0.3
PT-2013-66: Cross-Site Request Forgery (CSRF) in Serv-U File Server
PT-2013-66: Cross-Site Request Forgery (CSRF) in Serv-U File Server Vulnerable software Serv-U File Server Version: 15.1.0.480 and earlier Link: http://www.serv-u.com/ Severity level Severity level: Medium Impact: Cross-Site Request Forgery Access Vector: Remote CVSS v2: Base Score: 6.8 Vector:...
AI Score
PT-2013-68: Sensitive Information Disclosure in Serv-U File Server
PT-2013-68: Sensitive Information Disclosure in Serv-U File Server Vulnerable software Serv-U File Server Version: 15.1.0.480 and earlier Link: http://www.serv-u.com/ Severity level Severity level: Medium Impact: Information Disclosure Access Vector: Remote CVSS v2: Base Score: 5.0 Vector:...
AI Score: 0.1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update iOS 6.1 Software Update is now available and addresses the following: Identity Services Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Authentication...
AI Score
EPSS: 0.109
PT-2013-19: XML External Entities Resolution vulnerability in HP ArcSight Connector
PT-2013-19: XML External Entities Resolution vulnerability in HP ArcSight Connector Vulnerable software HP ArcSight Connector Version: 5.0.2.5642.0 and possibly other versions Link: http://www8.hp.com/ Severity level Severity level: Medium Impact: Internal Network Resources and File System...
AI Score: 0.6
PT-2013-42: SQL Injection in Siemens WinCC and SIMATIC PCS 7
PT-2013-42: SQL Injection in Siemens WinCC and SIMATIC PCS 7 Vulnerable software Siemens WinCC Version: 7.2 and earlier Siemens SIMATIC PCS 7 Version: 8.0 SP1 and earlier Application link: http://www.siemens.com/ Severity level Severity level: High Impact: SQL Injection Access Vector:...
AI Score: 7.6
EPSS: 0.001
PT-2013-18: Variables Overwriting in mnoGoSearch
PT-2013-18: Variables Overwriting in mnoGoSearch Vulnerable software mnoGoSearch Version: 3.3.12 and earlier Application link: http://www.mnogosearch.org/ Severity level Severity level: Medium Impact: Cross-Site Scripting (XSS) Access Vector: Remote CVSS v2: Base Score: 4.3 Vector:...
AI Score: 0.4
PT-2013-17: Arbitrary Files Reading in mnoGoSearch
PT-2013-17: Arbitrary Files Reading in mnoGoSearch Vulnerable software mnoGoSearch Version: 3.3.12 and earlier Application link: http://www.mnogosearch.org/ Severity level Severity level: High Impact: Arbitrary Files Reading Access Vector: Remote CVSS v2: Base Score: 7.8 Vector:...
AI Score: 1.1
Security fix for the ALT Linux 8 package libssh version 0.5.3-alt1
Nov. 21, 2012 Sergey V Turchin 0.5.3-alt1 - new version - security fixes: CVE-2012-4559, CVE-2012-4560,...
AI Score: 6.2
EPSS: 0.104
Security fix for the ALT Linux 9 package libssh version 0.5.3-alt1
Nov. 21, 2012 Sergey V Turchin 0.5.3-alt1 - new version - security fixes: CVE-2012-4559, CVE-2012-4560,...
AI Score: 6.2
EPSS: 0.104
Security fix for the ALT Linux 7 package libssh version 0.5.3-alt1
Nov. 21, 2012 Sergey V Turchin 0.5.3-alt1 - new version - security fixes: CVE-2012-4559, CVE-2012-4560,...
AI Score: 6.2
EPSS: 0.104
PT-2013-26: Information Disclosure in Siemens Simatic WinCC and PCS 7
PT-2013-26: Information Disclosure in Siemens Simatic WinCC and PCS 7 Vulnerable software Siemens Simatic WinCC Version: 7.0 SP3 and earlier Siemens Simatic PCS 7 Version: 8.0 and earlier Application link: http://www.siemens.com/ Severity level Severity level: Medium Impact: Information Disclosure....
AI Score: 6.9
EPSS: 0.001
PT-2013-25: Information Disclosure in Siemens Simatic WinCC and PCS 7
PT-2013-25: Information Disclosure in Siemens Simatic WinCC and PCS 7 Vulnerable software Siemens Simatic WinCC Version: 7.0 SP3 and earlier Siemens Simatic PCS 7 Version: 8.0 and earlier Application link: http://www.siemens.com/ Severity level Severity level: Medium Impact: Information...
AI Score: 6.8
EPSS: 0.001
PT-2013-27: Directory Traversal in Siemens Simatic WinCC and PCS 7
PT-2013-27: Directory Traversal in Siemens Simatic WinCC and PCS 7 Vulnerable software Siemens Simatic WinCC Version: 7.0 SP3 and earlier Siemens Simatic PCS 7 Version: 8.0 and earlier Application link: http://www.siemens.com/ Severity level Severity level: Medium Impact: Arbitrary Files Reading...
AI Score: 6.4
EPSS: 0.001
'Pinkie Pie' discovered second Chrome exploit worth $60k at Pwnium 2
Hacker known as "Pinkie Pie" produced the first Chrome vulnerability at the Hack In the Box conference on Wednesday, just ahead of the deadline for the competition this afternoon. The exploit, if later confirmed by Google's US headquarters, will have earned the teenage hacker known as Pinkie Pie...
AI Score: 6.7
FreeBSD : chromium -- multiple vulnerabilities (5bae2ab4-0820-11e2-be5f-00262d5ed8ee)
Google Chrome Releases reports: [143439] High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. [143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. [139814] High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva. [135432] High...
AI Score: -0.1
EPSS: 0.023
Google Releases Chrome 22 and Pays Out Nearly $30K in Rewards
Google has released Chrome 22, a major new version of its browser that includes a huge number of security fixes, many of them high-priority vulnerabilities. The company also handed out nearly $30,000 in rewards to security researchers, more than half of it to Sergey Glazunov, who discovered two...
AI Score: 0.4
EPSS: 0.566
The Chrome Team is excited to announce the promotion of Chrome 22 to the stable channel. Chrome 22.0.1229.79 (also now available on the beta channel) has a number of new and exciting updates including: Mouse Lock API availability for Javascript Additional Windows 8 enhancements Continued polish...
AI Score: 0.1
EPSS: 0.566
chromium -- multiple vulnerabilities
Google Chrome Releases reports: [143439] High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. [143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. [139814] High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de...
AI Score: 1.1
EPSS: 0.023
APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the...
AI Score: 0.4
EPSS: 0.832
PT-2015-11: Information Disclosure in Siemens SIMATIC WinCC (TIA Portal)
PT-2015-11: Information Disclosure in Siemens SIMATIC WinCC (TIA Portal) Vulnerable software Siemens SIMATIC WinCC (TIA Portal) Version: 13 and earlier Link: http://www.siemens.com/ Severity level Severity level: Medium Impact: Information Disclosure Access Vector: Remote CVSS v2: Base Score:...
AI Score: 6.4
EPSS: 0.004
PT-2015-12: Privilege Gaining in Siemens SIMATIC WinCC (TIA Portal)
PT-2015-12: Privilege Gaining in Siemens SIMATIC WinCC (TIA Portal) Vulnerable software Siemens SIMATIC WinCC (TIA Portal) Version: 13 and earlier Link: http://www.siemens.com/ Severity level Severity level: Medium Impact: Privilege Gaining Access Vector: Remote CVSS v2: Base Score: 6.8 Vector:...
AI Score: 6.3
EPSS: 0.004
PT-2013-31: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
PT-2013-31: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal Vulnerable software Siemens Simatic WinCC TIA Portal Version: 11.x Application link: http://www.siemens.com/ Severity level Severity level: Medium Impact: Cross-Site Scripting Access Vector: Remote CVSS v2: Base Score: 4.0 ...
AI Score: 6.1
EPSS: 0.001