Lucene search
K

52 matches found

OSV
OSV
added 2019/02/23 6:29 p.m.4 views

CVE-2019-9040

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332...

8.8CVSS7.3AI score0.00572EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.22 views

CVE-2018-20571

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file...

7.5CVSS7.4AI score0.01368EPSS
Exploits0References1
OSV
OSV
added 2018/10/08 10:29 p.m.5 views

CVE-2018-18069

processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...

6.1CVSS5.8AI score0.13207EPSS
Exploits2References1
OSV
OSV
added 2018/01/14 4:29 a.m.3 views

CVE-2018-5695

The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php...

7.2CVSS5.8AI score0.01207EPSS
Exploits3References1
NVD
NVD
added 2017/11/27 10:29 a.m.11 views

CVE-2017-16961

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a...

6.5CVSS6.3AI score0.01393EPSS
Exploits1References1
OSV
OSV
added 2017/11/27 10:29 a.m.19 views

CVE-2017-16961

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a...

6.5CVSS7.1AI score
Exploits0References1
CNVD
CNVD
added 2015/03/12 12:0 a.m.2 views

WordPress Plugin All In One WP Security & Firewall Cross-Site Request Forgery Vulnerability

WordPress is a use of PHP language development of blogging platform , users can support PHP and MySQL database server to set up their own weblog . All In One WP Security & Firewall plugin is a Wordpress security management and firewall plugin . A cross-site request forgery vulnerability exists in...

6.8CVSS7.1AI score0.01076EPSS
Exploits0References1
CNVD
CNVD
added 2015/02/28 12:0 a.m.4 views

Multiple Cross-Site Request Forgery Vulnerabilities in Acobot Live Chat & Contact Form Plugin

Acobot Live Chat & Contact Form plugin is a very friendly and powerful chat management plugin for WordPres. Acobot Live Chat & Contact Form plugin 2.0 for WordPress suffers from multiple cross-site request forgery vulnerabilities, which can be exploited by remote attackers to hijack an...

6.8CVSS7AI score0.01196EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2012/07/03 9:55 p.m.3 views

CVE-2011-5096

Stack-based buffer overflow in cstore.exe in the Media Application Server MAS in Avaya Aura Application Server 5300 formerly Nortel Media Application Server 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted csanams parameter in a...

10CVSS6.4AI score0.0394EPSS
Exploits0References4
Cvelist
Cvelist
added 2009/02/25 4:0 p.m.23 views

CVE-2009-0541

Multiple cross-site scripting XSS vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via 1 the username field in an admin/ request to index.php, possibly related to the loginusername parameter and the app/code/core/Mage/Admin/Model/Session.p...

5.9AI score0.01806EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.2 views

CVE-2007-1156

JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for admin/...

7.5CVSS5.6AI score0.08741EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2004/05/12 12:0 a.m.3 views

PT-2004-1571 · Heimdal · Heimdal K5Admind

Name of the Vulnerable Software and Affected Versions: Heimdal k5admind kadmind affected versions not specified Description: The issue allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request. This is due to a heap-based buffer overflow that occurs...

10CVSS7.5AI score0.07159EPSS
Exploits0References9
Rows per page
Query Builder