Lucene search
+L

165 matches found

Openbugbounty
Openbugbounty
added 2017/07/08 10:29 p.m.950 views

mangago.me XSS vulnerability

Vulnerable URL: http://www.mangago.me/r/lsearch/?name=a%27aa%22onfocus=prompt/OPENBUGBOUNTY/%20autofocus=x%20bad=--%3E%3C/title%3E%3C/script%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| Yes, at 27.11.2017 Latest check for patch:| 27.11.2017 09:...

6.3AI score
Exploits0
OSV
OSV
added 2016/06/08 2:59 p.m.5 views

CVE-2016-4367

The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors...

7.5CVSS5.8AI score0.07541EPSS
Exploits0References2
CVE
CVE
added 2016/06/08 2:0 p.m.46 views

CVE-2016-4367

CVE-2016-4367 affects the HPE Universal CMDB Universal Discovery component (versions 10.0, 10.01, 10.10, 10.11, 10.20, 10.21). The issue allows remote attackers to obtain sensitive information via unspecified vectors. The connected documents do not provide concrete exploit details or a disclosed ...

7.5CVSS7.6AI score0.07541EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/06/15 2:0 p.m.40 views

CVE-2015-4367

The CVE-2015-4367 issue affects the Drupal Simple Subscription module (6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1). The root cause is inadequate filtering/sanitization of user-submitted content in block content, enabling an authenticated user with the administer blocks permission to inject...

3.5CVSS5.4AI score0.00965EPSS
Exploits0References5Affected Software1
Drupal
Drupal
added 2015/03/04 12:0 a.m.24 views

SA-CONTRIB-2015-071 - Simple Subscription - Cross Site Scripting (XSS)

This module enables you to add a block to allow visitors to subscribe to a site's newsletter. The module failed to sanitize some block content, leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...

3.5CVSS5.6AI score0.00965EPSS
Exploits0References11
CVE
CVE
added 2014/09/18 10:0 a.m.52 views

CVE-2014-4367

The CVE-2014-4367 entry affects Apple iOS versions before 8, where Voice Dial can be triggered during upgrade actions. The underlying issue allows a physically proximate attacker to initiate calls by speaking a telephone number, as documented in multiple sources. According to the Apple security b...

2.1CVSS5.8AI score0.0037EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.31 views

Fedora 17 : glpi-0.83.9.1-1.fc17 (2013-11413)

Upstream changelog : - Bug 4306: Notification on delete document - Bug 4308: Knowbase : encoding issue to clean search - Bug 4309: Items disappear when you click in tabscrollermenu vertical list of tabs - Bug 4310: Password with - Bug 4313: Search problem on tab group view in central - Bug 4329:...

7.5CVSS7.3AI score0.12976EPSS
Exploits6References1
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.36 views

Fedora 19 : glpi-0.83.9.1-1.fc19 (2013-11315)

Upstream changelog : - Bug 4306: Notification on delete document - Bug 4308: Knowbase : encoding issue to clean search - Bug 4309: Items disappear when you click in tabscrollermenu vertical list of tabs - Bug 4310: Password with - Bug 4313: Search problem on tab group view in central - Bug 4329:...

7.5CVSS7.3AI score0.12976EPSS
Exploits6References1
Circl
Circl
added 2012/02/09 12:0 a.m.14 views

CVE-2011-4367

creationtimestamp| type| source ---|---|--- 2012-02-09 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36681 2025-08-17 21:02:22+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lwmrsaddof2v...

5CVSS5.7AI score0.33471EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2011/03/05 12:0 a.m.28 views

FreeBSD Ports: awstats

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5CVSS6.4AI score0.27673EPSS
Exploits1References3
CVE
CVE
added 2010/12/02 4:0 p.m.80 views

CVE-2010-4367

CVE-2010-4367 affects AWStats (awstats.cgi) prior to 7.0. The vulnerability arises because a configdir parameter in the URL can be used to reference a crafted configuration file located on a WebDAV or NFS server, enabling remote command execution. Other OpenVAS/NVD entries corroborate the same de...

7.5CVSS7.4AI score0.27673EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2010/12/02 4:0 p.m.22 views

CVE-2010-4367

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...

7.2AI score0.27673EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2010/12/01 12:0 a.m.24 views

Awstats Configuration File Remote Arbitrary Command Execution Vulnerability

Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user- supplied input. An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help...

7.5CVSS0.5AI score0.27673EPSS
Exploits2References4
Circl
Circl
added 2010/11/30 12:0 a.m.6 views

CVE-2010-4367

creationtimestamp| type| source ---|---|--- 2010-11-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35035...

7.5CVSS5.7AI score0.27673EPSS
Exploits1References1
CERT
CERT
added 2010/11/30 12:0 a.m.33 views

AWStats fails to properly handle "\\" when specifying a configuration file directory

Overview AWStats fails to properly handle "\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share. Description From the AWStats project website: "AWStats is a free powerful and featureful tool that...

7.5CVSS6.5AI score0.27673EPSS
Exploits2References6
CVE
CVE
added 2009/12/21 4:0 p.m.61 views

CVE-2009-4367

The CVE concerns the Sitecore Staging Module (Sitecore Staging Module 5.4.0 rev.080625 and earlier) where the Staging Webservice (sitecore modules/staging/service/api.asmx) can be lasered by crafted SOAP requests to bypass authentication. The root cause is an authentication bypass that accepts ar...

6.8CVSS7.2AI score0.06087EPSS
Exploits1References7Affected Software1
Circl
Circl
added 2009/12/17 12:0 a.m.8 views

CVE-2009-4367

creationtimestamp| type| source ---|---|--- 2009-12-17 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/10513...

6.8CVSS5.8AI score0.06087EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2008/10/17 12:0 a.m.26 views

Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access

The version of Tenable Security Center installed on the remote host appears to be earlier than 3.4.2.1. Such versions contain two vulnerabilities that allow a user who was logged into the Security Center to obtain system files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.23 views

Gentoo Security Advisory GLSA 200708-17 (opera)

The remote host is missing updates announced in advisory GLSA 200708-17. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

9.3CVSS0.7AI score0.08248EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.29 views

openSUSE 10 Security Update : opera (opera-4172)

This update of opera fixes a security vulnerabilities that allowed the execution of arbitrary code by using JavaScript. CVE-2007-4367 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update opera-4172...

9.3CVSS5.7AI score0.08248EPSS
Exploits1References1
Rows per page
Query Builder