Lucene search
+L

141 matches found

OSV
OSV
added 2017/12/20 4:29 p.m.4 views

CVE-2017-17752

Ability Mail Server 3.3.2 has Cross Site Scripting XSS via the body of an e-mail message, with JavaScript code executed on the Read Mail screen aka the /readmail URI. This is fixed in version 4.2.4...

6.1CVSS5.8AI score0.01383EPSS
Exploits5References1
exploitpack
exploitpack
added 2017/12/20 12:0 a.m.56 views

Ability Mail Server 3.3.2 - Cross-Site Scripting

Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr...

4.3CVSS6.1AI score0.01383EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/12/20 12:0 a.m.45 views

Ability Mail Server 3.3.2 - Cross-Site Scripting

Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.codecrafters.com...

6.1CVSS6.3AI score0.01383EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2017/11/08 1:20 p.m.33 views

CVE-2016-10089

A vulnerability was found in Nagios 4.2.4, and earlier, which allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Mitigation This flaw, and others like it, are mitigated by enabling hardlink and symlink protections. These...

7.8CVSS2.9AI score0.0115EPSS
Exploits5References2
CNVD
CNVD
added 2017/08/22 12:0 a.m.4 views

Cybozu Garoon Directory Traversal Vulnerability (CNVD-2017-25382)

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin boards, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A directory traversal...

4.3CVSS5.1AI score0.01326EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/08/21 12:0 a.m.24 views

phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2014-2) - Linux

phpMyAdmin is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

3.5CVSS5.8AI score0.01519EPSS
Exploits1References2
CNVD
CNVD
added 2017/07/11 12:0 a.m.6 views

Cybozu Garoon Session Fixation Vulnerability

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A session fixation vulnerability...

5.8CVSS7.1AI score0.00851EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/11 12:0 a.m.5 views

Cybozu Garoon has an unspecified vulnerability

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A security vulnerability exists i...

5.8CVSS6.8AI score0.00849EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/11 12:0 a.m.5 views

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2017-15107)

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A cross-site scripting...

4.8CVSS6.2AI score0.00603EPSS
Exploits0References1
OSV
OSV
added 2017/07/07 1:29 p.m.7 views

CVE-2017-2146

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu...

4.8CVSS5.9AI score0.00603EPSS
Exploits0References2
OSV
OSV
added 2017/07/07 1:29 p.m.8 views

CVE-2017-2144

Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page...

5.4CVSS5.8AI score0.00849EPSS
Exploits0References2
NVD
NVD
added 2017/03/23 4:59 p.m.18 views

CVE-2017-6360

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors...

10CVSS9.3AI score0.66146EPSS
Exploits5References6
Cvelist
Cvelist
added 2017/03/23 4:0 p.m.28 views

CVE-2017-6360

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors...

9.4AI score0.66146EPSS
Exploits5References6
Exploit DB
Exploit DB
added 2016/12/15 12:0 a.m.74 views

Nagios < 4.2.4 - Local Privilege Escalation

!/bin/bash Source: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html Nagios Core 4.2.4 Root Privilege Escalation PoC Exploit nagios-root-privesc.sh ver. 1.0 CVE-2016-9566 Discovered and coded by: Dawid Golunski dawidatlegalhackers.com https://legalhackers.com Foll...

9.8CVSS8.4AI score0.22684EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2016/09/09 12:0 a.m.13 views

BigTree-CMS 4.2.x < 4.2.4 Multiple Vulnerabilities

Binary data 9555.prm...

7.3AI score
Exploits0References1
Fortinet
Fortinet
added 2016/09/07 12:0 a.m.42 views

FortiWAN Multiple Vulnerabilities

FortWan 4.2.4 and below is exposed to cross site scripting, information leak and escalation of privilege vulnerabilities. CVE-2016-4965: Non-administrative authenticated user having access privileges to the nslookup functionality can perform OS command injection in the root user context...

9CVSS2.2AI score0.04115EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2016/04/17 3:11 p.m.65 views

Security update for samba (important)

samba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111...

10CVSS8.1AI score0.87636EPSS
Exploits8References33
Packet Storm
Packet Storm
added 2016/02/18 12:0 a.m.39 views

webSPELL 4.2.4 Cross Site Request Forgery / SQL Injection

Advisory ID: HTB23291 Product: webSPELL Vendor: webSPELL.org Vulnerable Versions: 4.2.4 and probably prior Tested Version: 4.2.4 Advisory Publication: January 22, 2016 without technical details Vendor Notification: January 22, 2016 Vendor Patch: February 12, 2016 Public Disclosure: February 17,...

0.3AI score
Exploits0
NVD
NVD
added 2015/11/09 11:59 a.m.18 views

CVE-2015-5731

Cross-site request forgery CSRF vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service editing blockage, via a get-post-lock action...

6.8CVSS6.4AI score0.03854EPSS
Exploits0References9
NVD
NVD
added 2015/11/09 11:59 a.m.17 views

CVE-2015-2213

SQL injection vulnerability in the wpuntrashpostcomments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash...

7.5CVSS6.9AI score0.11128EPSS
Exploits0References10
Rows per page
Query Builder