Lucene search
K

69 matches found

CNNVD
CNNVD
added 2024/08/07 12:0 a.m.3 views

Kashipara Responsive School Management System 安全漏洞

Kashipara Responsive School Management System is a school management system from Kashipara. A security vulnerability exists in the Kashipara Responsive School Management System version v3.2.0, which stems from an error in the /smsa/adminstudentregisterapproval.php file and the...

6.5CVSS6.8AI score0.0039EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/25 12:0 a.m.6 views

Docker Desktop 后置链接漏洞

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

7.1CVSS7.1AI score0.00425EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/25 12:0 a.m.5 views

PT-2022-17991 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.6.0 Description: The issue allows an attacker to overwrite administrator-writable files by creating a symlink where the installer writes its log file. This can be exploited when the Docker Desktop installer ...

7.1CVSS6.8AI score0.00425EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/03/23 12:0 a.m.6 views

PT-2022-18279 · Dvs · Dvs Avilys

Name of the Vulnerable Software and Affected Versions: DVS Avilys versions prior to 3.5.58 Description: The issue affects the Reporting module in the DVS Avilys document management system, allowing unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading...

7.5CVSS7.5AI score0.01102EPSS
Exploits0References6
NVD
NVD
added 2022/02/28 11:15 p.m.14 views

CVE-2022-25410

Maxsite CMS v180 was discovered to contain a stored cross-site scripting XSS vulnerability via the parameter ffiledescription at /admin/files...

5.4CVSS0.00485EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/02/28 11:15 p.m.4 views

CVE-2022-25410

Maxsite CMS v180 was discovered to contain a stored cross-site scripting XSS vulnerability via the parameter ffiledescription at /admin/files...

5.4CVSS6AI score0.00485EPSS
Exploits1References2
OSV
OSV
added 2020/10/16 2:15 p.m.6 views

CVE-2020-3991

VMware Horizon Client for Windows 5.x before 5.5.0 contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at...

7.1CVSS7.1AI score0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/03/12 12:0 a.m.4 views

PT-2020-12083 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/import-html.php by adding a question mark ? follow...

4.8CVSS5.4AI score0.00733EPSS
Exploits3References3
CNVD
CNVD
added 2020/03/04 12:0 a.m.1 views

Arbitrary File Read Vulnerability in Born Creative OA System

Born Creative OA office system for the first domestic open source OA software producers, using the leading B / S architecture, cross-platform language php + mysql and other flexible applications, is one of China's most extensive user base of OA systems. Born Creative OA system there is an arbitra...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2019/04/26 12:0 a.m.6 views

PT-2019-9128 · Gnu · Gnuboard5

Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.3.1.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via a Cross-Site Scripting XSS vulnerability in the adm/sms admin/num book write.php and adm/sms admin/num book update.p...

6.1CVSS6.1AI score0.01118EPSS
Exploits0References6
OSV
OSV
added 2017/11/28 3:29 p.m.4 views

CVE-2017-15673

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page...

7.2CVSS6AI score0.01938EPSS
Exploits3References1
CVE
CVE
added 2017/10/21 10:0 p.m.59 views

CVE-2017-15733

The CVE-2017-15733 entry concerns phpMyFAQ prior to version 2.9.9, where CSRF protections are missing for admin/ajax.attachment.php and admin/att.main.php. Several connected sources (NVD/NVD-derived records, Red Hat advisory RH:CVE-2017-15733, CNVD, OSV, and Veracode) corroborate that an attacker...

8.8CVSS8.8AI score0.0058EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/08/06 3:29 a.m.17 views

Sql injection

SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAXlookuphandler.php tableName and tableFields parameters, admin/AJAXcheckid.php, and admin/AJAXvocabolarycontrol.php. It can be exploited by remote authenticated librarian users...

6.5CVSS8.8AI score0.01745EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2016/01/05 9:27 p.m.1 views

USN-2858-2 linux-lts-wily vulnerability

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges...

7.2CVSS6.7AI score0.22374EPSS
Exploits12References2
NVD
NVD
added 2015/07/20 1:59 a.m.19 views

CVE-2015-1883

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure...

4CVSS5.9AI score0.01897EPSS
Exploits0References7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

MyCMS <= 0.9.8 - Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo MyCMS = 0.9.8 Remote Command Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love ; if $argc3 echo Usage: php .$argv0. Host Path C...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/04/19 12:0 a.m.20 views

PTCeffect 4.6 Local File Inclusion / SQL Injection

Exploit Title: PTCeffect LFI & SQL Injection Vulnerabilities Google Dork: find it : Date: 2014-04-19 Exploit Author: Walidz Software Link: http://www.ptceffect.com/ Version: 4.6 Tested on: windows,linux,mac os CVE : N/A The LFI vulnerability is in index.php...

Exploits0
exploitpack
exploitpack
added 2014/04/19 12:0 a.m.24 views

PTCeffect 4.6 - Local File Inclusion SQL Injection

PTCeffect 4.6 - Local File Inclusion SQL Injection Exploit Title: PTCeffect LFI & SQL Injection Vulnerabilities Google Dork: find it : Date: 2014-04-19 Exploit Author: Walidz Software Link: http://www.ptceffect.com/ Version: 4.6 Tested on: windows,linux,mac os CVE : N/A The LFI vulnerability is i...

Exploits0
0day.today
0day.today
added 2014/04/17 12:0 a.m.21 views

PTCeffect <= 4.6 LFI & SQL Injection Vulnerabilities

PTCeffect also known as ptcevolution is vulnerable to an sql injection. It let you grab admin password and basically everything you want in db. You don't need to have an account on the vulnerable site to use this exploit. The LFI vulnerability is in index.php...

7.1AI score
Exploits0
OSV
OSV
added 2014/04/10 12:55 a.m.4 views

UBUNTU-CVE-2014-0165

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...

4CVSS5.8AI score0.02368EPSS
Exploits0References2
Rows per page
Query Builder