Lucene search
K

136 matches found

OSV
OSV
added 2020/08/13 2:15 p.m.4 views

CVE-2020-11733

An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin...

6.7CVSS6.7AI score0.01557EPSS
Exploits0References2
OSV
OSV
added 2020/06/18 3:15 a.m.4 views

CVE-2020-3362

A vulnerability in the CLI of Cisco Network Services Orchestrator NSO could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability b...

4.7CVSS5.8AI score0.00243EPSS
Exploits0References1
Prion
Prion
added 2020/03/16 9:15 p.m.11 views

Cross site scripting

An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4...

3.5CVSS5.1AI score0.00557EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/01/26 12:0 a.m.2 views

PT-2020-19903 · Adive · Adive Framework

Name of the Vulnerable Software and Affected Versions: Adive Framework version 2.0.8 Description: The issue allows for a CSRF attack in the admin/config section, enabling an attacker to change the Administrator password. Recommendations: For Adive Framework version 2.0.8, update to a version that...

8.8CVSS8.6AI score0.03078EPSS
Exploits5References6
SonicWall
SonicWall
added 2019/12/30 8:0 p.m.12 views

SonicOS and SonicOSv Read-only Admin Can Elevate to Config Mode

A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n a...

7.2CVSS6.6AI score0.00924EPSS
Exploits0
OSV
OSV
added 2019/10/16 6:15 p.m.4 views

CVE-2019-2934

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP ...

8.1CVSS5.8AI score0.01366EPSS
Exploits0References1
OSV
OSV
added 2019/10/16 6:15 p.m.4 views

CVE-2019-2937

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP ...

8.1CVSS7.3AI score0.01573EPSS
Exploits0References1
NVD
NVD
added 2019/10/16 6:15 p.m.16 views

CVE-2019-2934

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP ...

8.1CVSS7.3AI score0.01366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2019/10/16 5:40 p.m.10 views

CVE-2019-2934

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP ...

6.7AI score0.01366EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/16 5:40 p.m.20 views

CVE-2019-2934

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP ...

7.8AI score0.01366EPSS
Exploits0References1
Symantec
Symantec
added 2019/10/15 12:0 a.m.20 views

Oracle Hospitality Reporting and Analytics Multiple Remote Security Vulnerabilities

Description Oracle Hospitality Reporting and Analytics is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Admin - Configuration' and 'Inventory Integration' packages are affected. These vulnerabilities affect the following...

0.5AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2018/11/13 12:0 a.m.34 views

ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin)

Exploit Title: ABC ERP 0.6.4 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.abc-erp.com/ Software Link: https://netcologne.dl.sourceforge.net/project/abc-erp/abcv064.zip Version: 0.6.4 Category: Webapps Tested on:...

7AI score
Exploits0
CNVD
CNVD
added 2018/09/04 12:0 a.m.10 views

waimai Super Cms Cross-Site Request Forgery Vulnerability (CNVD-2018-19089)

waimai Super Cms is a takeaway ordering system. The system is compatible with IE, Firefox, Chrome, Safari and Opera browsers. A cross-site request forgery vulnerability exists in waimai Super Cms 20150505, which can be exploited by a remote attacker to change the configuration with the help of th...

6.5CVSS6.5AI score0.00447EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/09/01 6:0 p.m.21 views

CVE-2018-16315

In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add...

6.5AI score0.00447EPSS
Exploits1References1
CNVD
CNVD
added 2018/07/07 12:0 a.m.2 views

Code execution vulnerability in xdcms

xdcms is a fully open source and general purpose content management system. A code execution vulnerability exists in xdcms. The vulnerability is due to the background configuration page fails to completely filter the content submitted by the administrator due to the attacker can be exploited to...

8AI score
Exploits0
OSV
OSV
added 2018/06/14 11:29 p.m.5 views

CVE-2018-12431

SeaCMS V6.61 has XSS via the site name parameter on an adm1n/adminconfig.php page aka a system management page...

4.8CVSS5.6AI score0.00534EPSS
Exploits1References1
CNVD
CNVD
added 2017/12/22 12:0 a.m.8 views

Piwigo Configuration Component Cross-Site Scripting Vulnerability

Piwigo is a set of web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing categories, tags, time, etc. Configuration component is a component for configuration. A cross-site scripting vulnerability exists in the Configuration...

6.1CVSS6.2AI score0.00683EPSS
Exploits1References1
Prion
Prion
added 2017/12/21 4:29 a.m.14 views

Sql injection

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

4CVSS5.8AI score0.01488EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/12/21 4:29 a.m.5 views

CVE-2017-17823

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

4.9CVSS8.4AI score0.01488EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2017/12/20 3:29 a.m.3 views

CVE-2017-17774

admin/configuration.php in Piwigo 2.9.2 has CSRF...

8.8CVSS7.9AI score0.00581EPSS
Exploits1References3
Rows per page
Query Builder