161763 matches found
Cisco IOS HTTP Configuration - Authentication Bypass
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. id: CVE-2001-0537 info: name: Cisco IOS HTTP Configuration - Authentication Bypass author:...
Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. id: CVE-2023-24489 info: name: Citrix ShareFile StorageZones...
Dahua Smart Park Management - Arbitrary File Upload
Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePointaddImgIco?. id: CVE-2023-3836 info: name: Dahua Smart Park Management - Arbitrary File Upload...
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnetform.php script functionality. id: CVE-2021-21799 info: name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting author: arafatansari severity: medium description: | Advantech R-SeeNet 2.4.12 contains a...
Apache Log4j2 - Remote Code Injection
Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. id: CVE-2021-45046 info: name: Apache Log4j2 - Remote Code Injection author: ImNightmaree severity: critical description: Apache Log4j2 Thread Context Lookup Pattern is...
H3C SSL VPN <=2022-07-10 - Cross-Site Scripting
H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST 2.6.9 and 3.0.1, Spring Boot 1.5.9 and 2.0 M6 contain a remote code execution caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code, exploit requires sending malicious PATCH requests. id: CVE-2017-8046 info: name: Spri...
cPanel < 11.109.9999.116 - Cross-Site Scripting
An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. id: CVE-2023-29489 info: name: cPanel 11.109.9999.116 - Cross-Site Scripting author: DhiyaneshDk,0xKayala severity: medium description: | An issue was...
Traccar - Unrestricted File Upload
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect
OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-14524 info: name: OpenText...
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...
Magmi 0.7.22 - Cross-Site Scripting
Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data prefix passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. id: CVE-2017-7391 info: name: Magmi 0.7.22 - Cross-Site Scripting author: pikpikcu severity: medium description: Mag...
WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting
WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...
Zitadel - User Registration Bypass
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...
Django Debug Page - Cross-Site Scripting
Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...
Yaws 1.91 - Local File Inclusion
Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. id: CVE-2017-10974 info: name: Yaws 1.91 - Local File Inclusion author: 0xAkoko severity: high description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. impact: |...
HPE System Management - Cross-Site Scripting
HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...
Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/mynotifications NEWUINAV parameter. id: CVE-2021-36450 info: name: Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting author: atomiczsec severity: medium description: Verint...
WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection XXE. XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit...
Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...