Lucene search
K

26 matches found

Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.3 views

PT-2024-18437 · WordPress · Brizy – Page Builder

Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.41 Description: The issue is related to Stored Cross-Site Scripting via post content due to insufficient input sanitization performed only on the client side and...

7.1CVSS6.1AI score0.00267EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2024/02/23 12:0 a.m.21 views

Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Arbitrary File Upload

Description The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to...

8.8CVSS8AI score0.01497EPSS
Exploits0References1Affected Software1
F5 Networks
F5 Networks
added 2022/12/15 6:31 p.m.51 views

K59333944: Apache mod_proxy_ftp vulnerability CVE-2020-1934

Security Advisory Description In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP server. CVE-2020-1934 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...

5.3CVSS6.6AI score0.51951EPSS
Exploits0
Packet Storm
Packet Storm
added 2022/09/12 12:0 a.m.299 views

ETAP Safety Manager 1.0.0.32 Cross Site Scripting

ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Vendor: ETAP Lighting International NV Product web page: https://www.etaplighting.com Affected version: 1.0.0.32 Summary: The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/07/08 12:0 a.m.166 views

Rocky Linux 8 : httpd:2.4 (RLSA-2022:5163)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5163 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Leng...

7.5CVSS7.5AI score0.49089EPSS
Exploits0References3
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.813 views

Popup box < 2.3.4 - Authenticated Blind SQL Injections

The getayspopupboxes and getpopupcategories functions of the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Exploit All of them with same technique. SQLMAP:...

6.5CVSS0.5AI score0.01362EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.757 views

Survey Maker < 1.5.6 - Authenticated Blind SQL Injections

The getresults and getitems functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Note WPScanTeam: Other SQLi were identified when confirming the...

6.5CVSS0.5AI score0.01362EPSS
Exploits2
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.165 views

FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections

The getfaqs function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

6.5CVSS0.6AI score0.01362EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2021/05/20 12:0 a.m.10 views

PT-2021-5464 · Apache +8 · Apache Http Server +8

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.41 through 2.4.46 Description: The issue is related to the mod proxy http function in the Apache HTTP Server, which can be made to crash due to a NULL pointer dereference when handling specially crafted request...

9.8CVSS6.5AI score0.90039EPSS
Exploits4References106
Packet Storm
Packet Storm
added 2021/04/01 12:0 a.m.400 views

Latrix 0.6.0 SQL Injection

Exploit Title: Latrix 0.6.0 – 'txtaccesscode' SQL Injection Date: 03/30/2021 Exploit Author: cptsticky Vendor Homepage: https://sourceforge.net/projects/latrix Software Link: https://sourceforge.net/projects/latrix/files/latest/download Version: 0.6.0 Tested on: Ubuntu 20.04 POST...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.447 views

Park Ticketing Management System 1.0 - &#039;viewid&#039; SQL Injection

Exploit Title: Park Ticketing Management System 1.0 - 'viewid' SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Version: V1 Tested on:...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/11/04 1:44 a.m.4 views

httpd: mod_rewrite configurations vulnerable to open redirect

A flaw was found in Apache HTTP Server httpd versions 2.4.0 to 2.4.41. Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL...

6.1CVSS6.6AI score0.56691EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/29 7:26 p.m.5 views

httpd: mod_rewrite configurations vulnerable to open redirect

A flaw was found in Apache HTTP Server httpd versions 2.4.0 to 2.4.41. Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL...

6.1CVSS6.6AI score0.56691EPSS
Exploits0References5
CNVD
CNVD
added 2020/04/02 12:0 a.m.75 views

Apache HTTP Server Input Validation Error Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.41. The vulnerability arises from ...

6.1CVSS8.1AI score0.56691EPSS
Exploits0References1
OSV
OSV
added 2020/04/01 8:15 p.m.5 views

UBUNTU-CVE-2020-1934

In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP server...

5.3CVSS6.8AI score0.51951EPSS
Exploits0References5
0day.today
0day.today
added 2020/01/13 12:0 a.m.98 views

Chevereto 3.13.4 Core - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Chevereto 3.13.4 Core - Remote Code Execution Exploit Author: Jinny Ramsmark Vendor Homepage: https://chevereto.com/ Software Link: https://github.com/Chevereto/Chevereto-Free/releases Version: 1.0.0 Free - 1.1.4 Free, = 3.13.4...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/12/06 12:0 a.m.227 views

Verot 2.0.3 Remote Code Execution

Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85"; $baseurl = "http://lorempixel.com"; echo "-=Imagejpeg...

0.1AI score0.26184EPSS
Exploits7
0day.today
0day.today
added 2019/12/06 12:0 a.m.853 views

Verot 2.0.3 - Remote Code Execution Exploit #RCE

Exploit for php platform in category web applications Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85";...

0.1AI score0.26184EPSS
Exploits7
exploitpack
exploitpack
added 2019/12/06 12:0 a.m.129 views

Verot 2.0.3 - Remote Code Execution

Verot 2.0.3 - Remote Code Execution Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85"; $baseurl =...

7.5CVSS0.1AI score0.26184EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/12/06 12:0 a.m.334 views

Verot 2.0.3 - Remote Code Execution

Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85"; $baseurl = "http://lorempixel.com"; echo "-=Imagejpeg...

9.8CVSS9.8AI score0.26184EPSS
Exploits7
Rows per page
Query Builder