The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and RIAA.
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2015-8697

stalin 0.11-5 allows local users to write to arbitrary files.

06/27/2017

CVE-2015-7898

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

06/27/2017

CVE-2015-7895

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

06/27/2017

CVE-2015-7781

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.

06/27/2017

CVE-2015-7780

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.

06/27/2017

CVE-2015-7582

Satellite 6.1.0 allows remote authenticated users to read administrator bookmarks.

06/27/2017

CVE-2015-5378

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.

06/27/2017

CVE-2015-5180

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

06/27/2017

CVE-2015-3840

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.

06/27/2017

CVE-2015-2245

Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash).

06/27/2017

CVE-2017-6086

Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.

06/27/2017

CVE-2015-1795

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

06/27/2017

CVE-2015-1778

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.

06/27/2017

CVE-2015-1591

The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.

06/27/2017

CVE-2015-0955

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 6.1.0.

06/27/2017

CVE-2017-2491

Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.

06/27/2017

CVE-2016-7062

rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.

06/27/2017

CVE-2016-6342

elog 3.1.1 allows remote attackers to post data as any username in the logbook.

06/27/2017

CVE-2016-5414

FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.

06/27/2017

CVE-2016-4383

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

06/27/2017

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

An SQL injection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015