Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:6 a.m.48 views

CVE-2019-20525

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...

6.1CVSS5.8AI score0.00906EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:36 p.m.4 views

CVE-2022-20525

In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

3.3CVSS6.7AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:27 a.m.6 views

CVE-2018-20525

Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php...

9.1CVSS6.8AI score0.21646EPSS
Exploits7References1
NVD
NVD
added 2024/05/03 2:15 a.m.37 views

CVE-2023-38120

Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...

8.8CVSS9.3AI score0.03168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 1:59 a.m.24 views

CVE-2023-38120 Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability

Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...

8.8CVSS9AI score0.03168EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 1:59 a.m.36 views

CVE-2023-38120 Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability

Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...

8.8CVSS9.5AI score0.03168EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 1:59 a.m.85 views

CVE-2023-38120

The CVE-2023-38120 entry describes a vulnerability in the Adtran SR400ac where the ping command, exposed via JSON-RPC, accepts a crafted host parameter that can cause a system call from a user-supplied string, enabling code execution as root. The flaw is reachable over the network and requires au...

8.8CVSS9.3AI score0.03168EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/10 8:57 p.m.12 views

CVE-2023-20525

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...

6.3AI score0.00595EPSS
Exploits0References1
CVE
CVE
added 2023/01/10 8:57 p.m.65 views

CVE-2023-20525

The CVE-2023-20525 issue affects the AMD Secure Processor (ASP) Bootloader: it is caused by insufficient syscall input validation that can allow a privileged attacker to read memory outside mapped register bounds, potentially causing a denial of service. Public details identify the affected compo...

6.5CVSS6.6AI score0.00595EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2022/12/16 6:37 p.m.4 views

CVE-2022-20525

creationtimestamp| type| source ---|---|--- 2022-12-16 18:37:31+00:00| seen| https://t.me/cibsecurity/54730...

3.3CVSS4.2AI score0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/12/16 12:0 a.m.5 views

CVE-2022-20525

In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.2AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2022/12/16 12:0 a.m.93 views

CVE-2022-20525

CVE-2022-20525 affects Android 13 and points to a permissions bypass in enforceVisualVoicemailPackage inside PhoneInterfaceManager.java, causing a leak of the visual voicemail package name. The impact is local elevation of privilege with no extra execution privileges and no user interaction requi...

3.3CVSS4.2AI score0.00116EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2022/04/06 12:0 a.m.1047 views

Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit

Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability. Exploit Title: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit Author: Adam Shebani NULLHE4D Software: Roxy File Manager Version: 1.4.5 CVE: CVE-2018-20525 Vendor...

9.1CVSS0.21646EPSS
Exploits7
Packet Storm
Packet Storm
added 2022/04/04 12:0 a.m.315 views

Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass

Exploit Title: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit Author: Adam Shebani NULLHE4D Date: 07/03/2022 Software: Roxy File Manager Version: 1.4.5 CVE: CVE-2018-20525 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...

9.1CVSS0.1AI score0.21646EPSS
Exploits7
CVE
CVE
added 2020/03/19 5:56 p.m.72 views

CVE-2019-20525

CVE-2019-20525 affects Ignite Realtime Openfire 4.4.1, which is vulnerable to cross-site scripting via the setup/setup-datasource-standard.jsp driver parameter. The issue’s root cause is an XSS vector in that parameter handling. A fix exists in Openfire 4.4.2, per multiple advisories (including G...

6.1CVSS5.9AI score0.00906EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/03/18 3:21 p.m.79 views

CVE-2018-20525

CVE-2018-20525 affects Roxy Fileman 1.4.5, enabling directory traversal via copydir.php, copyfile.php, and fileslist.php. Public write-up and exploit references (e.g., Exploit-DB, PacketStorm) describe or imply abuse for arbitrary directory access via directory traversal and related upload bypass...

9.1CVSS8.3AI score0.21646EPSS
Exploits7References3Affected Software1
Packet Storm
Packet Storm
added 2019/01/07 12:0 a.m.61 views

Roxy Fileman 1.4.5 File Upload / Directory Traversal

====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php CVE number: CVE-2018-20525,...

0.5AI score0.73056EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/01/07 12:0 a.m.82 views

Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal

====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php CVE number: CVE-2018-20525,...

9.8CVSS8.5AI score0.73056EPSS
Exploits7
Rows per page
Query Builder