Lucene search
+L

610 matches found

CNVD
CNVD
added 2017/06/15 12:0 a.m.6 views

WordPress WP Jobs Plugin SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WP Jobs plugin is one of the post management plugin. A SQL injection vulnerability exists in WordPress WP Jobs plug...

8.8CVSS8.2AI score0.04929EPSS
Exploits4References1
CNVD
CNVD
added 2017/05/19 12:0 a.m.3 views

Arbitrary Password Reset Vulnerability in 'Admin_Edit.aspx' File of Micro Xia Online Learning Platform

Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary password reset vulnerability exists in the 'AdminEdit.aspx' file of the Weixia Online Learning Platform. It allows an attacker to reset the administrator password by entering a new password in...

7.1AI score
Exploits0
CNVD
CNVD
added 2016/01/15 12:0 a.m.5 views

Serendipity cross-site scripting vulnerability (CNVD-2016-00303)

Serendipity is a PHP-based blogging system. Serendipity serendipityadmin.php script fails to adequately filter the 'serendipityentryid' parameter in the 'edit' admin operation. This allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to...

5.4CVSS6.5AI score0.01174EPSS
Exploits2References1
CNVD
CNVD
added 2015/07/02 12:0 a.m.6 views

GetSimple CMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2015-04182)

GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS versions prior to...

4.3CVSS6.1AI score0.01917EPSS
Exploits1References1
NVD
NVD
added 2007/10/30 9:46 p.m.27 views

CVE-2007-4861

SAXON 5.4, with displayerrors enabled, allows remote attackers to obtain sensitive information via 1 a direct request for news.php, 2 an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in 3 admin/, 4 rss/, and 5 the ro...

5CVSS6.3AI score0.01814EPSS
Exploits0References10
Prion
Prion
added 2007/10/30 9:46 p.m.17 views

Design/Logic Flaw

SAXON 5.4, with displayerrors enabled, allows remote attackers to obtain sensitive information via 1 a direct request for news.php, 2 an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in 3 admin/, 4 rss/, and 5 the ro...

5CVSS6.8AI score0.01814EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2007/10/30 9:0 p.m.55 views

CVE-2007-4861

SAXON 5.4 is affected by multiple path disclosure flaws when display_errors is enabled. Exploitation vectors include direct requests to news.php, improper handling of newsid in admin/edit-item.php, and other scripts under admin/, rss/, and the installation root, which reveal server paths in error...

5CVSS6.3AI score0.01814EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2007/08/31 11:17 p.m.19 views

Authentication flaw

xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps...

6.4CVSS7.5AI score0.02166EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2007/08/31 11:0 p.m.41 views

CVE-2007-4637

CVE-2007-4637 affects xGB.php in xGB 2.0, where an admin edit action does not require authentication. This allows remote attackers to perform unspecified changes via an unknown series of steps. The NVD entry lists a MEDIUM base score (6.4) with network attack vector, low complexity, and no user i...

6.4CVSS7AI score0.02166EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2006/11/27 12:0 a.m.29 views

SimpleBlog <= 2.3 (admin/edit.asp) Remote SQL Injection Vulnerability

No description provided by source. Title : simpleblog = v 2.3 /admin/edit.asp Remote SQL Injection Vulnerability Author : bolivar Dork : "SimpleBlog 2.3 by 8pixel.net" ---------------------------------------------------------------------------...

7.1AI score
Exploits0
Rows per page
Query Builder