CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

158 matches found

exploitpack•added 2015/10/19 12:0 a.m.•15 views

RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities

RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is...

7.2AI score

Exploits0

CNVD•added 2015/05/04 12:0 a.m.•1 views

Wing FTP Server Admin /admin_loglist.html Cross-Site Request Forgery Vulnerability

WingFTPServer is a professional cross-platform FTP server , it has good speed , reliability and a friendly configuration interface . A cross-site request forgery vulnerability exists in WingFTPServer Admin /adminloglist.html, which allows remote attackers to construct malicious URIs, trick users...

7AI score

Exploits0References1

RedHat Linux•added 2014/09/16 5:28 a.m.•3 views

luci: unauthorized administrative access granted to non-administrative users

It was discovered that various components in the luci site extension-related URLs were not properly restricted to administrative users. A remote, authenticated attacker could escalate their privileges to perform certain actions that should be restricted to administrative users, such as adding use...

5.5CVSS5.6AI score0.01428EPSS

Exploits0References4

seebug.org•added 2014/07/01 12:0 a.m.•2122 views

PHPLinks 2.1.2 Add Site HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6632/info phpLinks is prone to HTML injection. phpLinks does not sufficiently sanitized HTML and script code supplied via form fields before displaying this data to administrative users. This issue exists in the 'add.php'...

7.1AI score

Exploits0

OSV•added 2014/04/23 3:55 p.m.•0 views

UBUNTU-CVE-2014-2327

Cross-site request forgery CSRF vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that 1 modify binary files, 2 modify configurations, or 3 add arbitrary users...

6.8CVSS7.4AI score0.02278EPSS

Exploits1References4

Packet Storm•added 2014/01/06 12:0 a.m.•35 views

Seagate BlackArmor NAS sg2000-2000.1331 Cross Site Request Forgery

Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery Google Dork: N/A Date: 04-01-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.seagate.com/ Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/ Version: sg2000-2000.1331...

6.8CVSS0.1AI score0.01457EPSS

Exploits6

seebug.org•added 2014/01/06 12:0 a.m.•26 views

Seagate BlackArmor NAS sg2000-2000.1331跨站请求伪造漏洞

No description provided by source. Exploit Title: Seagate BlackArmor NAS - Cross Site Request Forgery Google Dork: N/A Date: 04-01-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.seagate.com/ Software Link:...

6.8CVSS9.6AI score0.01457EPSS

Exploits6

NVD•added 2013/10/04 11:55 p.m.•16 views

CVE-2013-3540

Cross-site request forgery CSRF vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users...

6.8CVSS7.1AI score0.01013EPSS

Exploits5References1

Prion•added 2013/10/01 7:55 p.m.•11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for...

6.8CVSS7.7AI score0.06302EPSS

Exploits3References1

Cvelist•added 2013/10/01 7:0 p.m.•35 views

CVE-2013-3539

7.2AI score0.06302EPSS

Exploits3References1

OSV•added 2012/08/27 9:55 p.m.•1 views

DEBIAN-CVE-2012-2128

Cross-site request forgery CSRF vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...

6.8CVSS6.9AI score0.01242EPSS

Exploits0References1

OSV•added 2012/08/27 9:55 p.m.•1 views

UBUNTU-CVE-2012-2128

DISPUTED Cross-site request forgery CSRF vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from...

6.8CVSS6AI score0.01242EPSS

Exploits0References3

0day.today•added 2010/05/03 12:0 a.m.•18 views

KubeBlog XSRF Vulnerabilities

Exploit for php platform in category web applications ============================= KubeBlog XSRF Vulnerabilities ============================= ======================================================================================== | Title : KubeBlog XSRF Vuln. | Author : The.Morpheus | email :...

7.1AI score

Exploits0

Packet Storm•added 2008/04/08 12:0 a.m.•21 views

prozilla-editadd.txt

--==+================================================================================+==-- --==+ Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 7...

7.4AI score

Exploits0

seebug.org•added 2008/04/06 12:0 a.m.•12 views

Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability

No description provided by source. --==+================================================================================+==-- --==+ Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability +==-- --==+================================================================================+==--...

7.1AI score

Exploits0

exploitpack•added 2008/04/06 12:0 a.m.•12 views

Prozilla Topsites 1.0 - Arbitrary EditAdd Users

Prozilla Topsites 1.0 - Arbitrary EditAdd Users --==+================================================================================+==-- --==+ Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability +==--...

0.8AI score

Exploits0

Cvelist•added 2003/12/02 5:0 a.m.•15 views

CVE-2003-0974

Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as 1 add new users to a console, as demonstrated using appliedsnatch.c, or 2 add spurious IDS rules to sensors, as demonstrated using addrule.c...

6.7AI score0.03286EPSS

Exploits1References5

CVE•added 2002/05/03 4:0 a.m.•32 views

CVE-2002-0286

The CVE affects SiteNews 0.10 and 0.11. In function.php, the GetPassword routine can be abused when a remote attacker supplies a non-existent username and the MD5 checksum of an empty password to add_user.php. This causes GetPassword to generate and compare a blank password for the non-existent u...

7.5CVSS7.5AI score0.01571EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by