Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying entries 1 - 10 of 57980 in total

Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner Exploit

Disclosed: December 17, 2014

This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials, however more specifics are not y...

BMC TrackIt! Unauthenticated Arbitrary User Password Change Exploit

Disclosed: December 09, 2014

This module exploits a flaw in the password reset mechanism in BMC TrackIt! 11.3 and possibly prior versions. If the password reset service is configured to use a domain administrator (which is the recommended configuration), then domain credentials can be reset (such as domain Administrator).

ManageEngine NetFlow Analyzer Arbitrary File Download Exploit

Disclosed: November 30, 2014

This module exploits an arbitrary file download vulnerability in CSVServlet on ManageEngine NetFlow Analyzer. This module has been tested on both Windows and Linux with versions 8.6 to 10.2. Note that when typing Windows paths, you must escape the backslash with a backslash.

DSA-3083-1 mutt -- security update Vulnerability

  • Severity: 4
  • Published: November 29, 2014

A flaw was discovered in mutt, a text-based mailreader. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition.

Tuleap PHP Unserialize Code Execution Exploit

Disclosed: November 27, 2014

This module exploits a PHP object injection vulnerability in Tuelap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() call exists in the 'src/www/project/register.php' file. The exploit abuses the destructor method from...

SUSE Linux Security Advisory: CVE-2014-8716 Vulnerability

  • Severity: 4
  • Published: November 26, 2014

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

DSA-3078-1 libksba -- security update Vulnerability

  • Severity: 4
  • Published: November 26, 2014

An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of s...

USN-2427-1: Libksba vulnerability Vulnerability

  • Severity: 4
  • Published: November 26, 2014

Hanno Böck discovered that Libksba incorrectly handled certain S/MIMEmessages or ECC based OpenPGP data. An attacker could use this issue tocause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. The problem can be corrected by updating your system to the following package version: To update your sy...

DSA-3082-1 flac -- security update Vulnerability

  • Severity: 8
  • Published: November 25, 2014

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.