Lucene search
+L

2051 matches found

Symantec
Symantec
added 2019/11/20 12:0 a.m.15 views

IBM Operations Analytics - Log Analysis Multiple Security Vulnerabilities

Description IBM Operations Analytics - Log Analysis is prone to multiple security vulnerabilities. Successful exploits will allow an attacker to obtain sensitive information, insert a crafted host header to navigate the victim to the attacker's domain or compromise the affected application. Other...

0.2AI score
Exploits0Affected Software1
NVD
NVD
added 2019/09/23 3:15 p.m.42 views

CVE-2019-13063

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Scriptview page. This will result in file disclosure i.e., being able to pull any file from the remote victim application. This can be used to steal and...

7.5CVSS7.3AI score0.2723EPSS
Exploits6References2
Packet Storm
Packet Storm
added 2019/08/26 12:0 a.m.336 views

Joomla FireBoard 1.1.3 SQL Injection

Exploit Title : Joomla 1.5.26 ComFireBoard Components 1.1.3 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 24/08/2019 Vendor Homepage : fireboard.bestofjoomla.com Software Information Link : infosolutionsgoa.com/cms/fireboard-forum-joomla.html...

0.4AI score
Exploits0
GithubExploit
GithubExploit
added 2019/07/15 9:45 a.m.77 views

Exploit for Path Traversal in Sahipro Sahi_Pro

CVE-2019-13063 Proof of concept !Python 3https://img.shield...

7.5CVSS7.4AI score0.2723EPSS
Exploits6
ThreatPost
ThreatPost
added 2019/02/14 12:30 p.m.125 views

Critical OkCupid Flaw Exposed Daters to App Takeovers

A critical flaw in the OkCupid app has been found that could allow a bad actor to steal credentials, launch man-in-the-middle attacks or completely compromise the victim’s application. This is separate from the OKCupid account-takeover incident reported earlier in the week, but it does fit the...

6.8AI score
Exploits0References10
0day.today
0day.today
added 2019/01/24 12:0 a.m.37 views

SirsiDynix e-Library 3.5.x - Cross-Site Scripting Vulnerability

Exploit for cgi platform in category web applications Exploit Title: SirsiDynix e-Library = 3.5.x - Cross-Site Scripting CVE: CVE-2018-20503 Google Dork: inurl:/x/x/0/49 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://www.sirsidynix.com Version:...

0.03904EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/05/23 12:0 a.m.23 views

PHP Dashboards 4.5 SQL Injection

Exploit 1 of 2: Exploit Title: PHP Dashboards v4.5 - Registration Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Azkan Mustafa AkkuA AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 Version: v4.5 Category: Webapps Tested...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2018/03/25 4:44 p.m.33 views

Ubiquiti Inc.: UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise

In UniFi Video 3.10.0, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page...

6.8CVSS3AI score0.00709EPSS
Exploits0
Prion
Prion
added 2018/02/18 6:29 a.m.11 views

Design/Logic Flaw

In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...

6.5CVSS8.6AI score0.01876EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/02/18 6:0 a.m.24 views

CVE-2018-7217

In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...

8.7AI score0.01876EPSS
Exploits0References2
exploitpack
exploitpack
added 2017/08/27 12:0 a.m.12 views

Matrimonial Script 2.7 - Authentication Bypass

Matrimonial Script 2.7 - Authentication Bypass ======================================================== admin panel Authentication bypass Description : An Attackers are able to completely compromise the web application built upon Matrimonial Script as they can gain access to the admin panel and...

0.5AI score
Exploits0
NVD
NVD
added 2017/06/15 8:29 p.m.18 views

CVE-2017-7876

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions...

10CVSS9.9AI score0.033EPSS
Exploits0References3
CNVD
CNVD
added 2017/05/24 12:0 a.m.2 views

Multiple SQL Injection Vulnerabilities in Trend Micro Control Manager

Trend Micro Control Manager TMCM is an integrated threat detection and data protection management center software from Trend Micro. Trend Micro Control Manager suffers from multiple SQL injection vulnerabilities that stem from a failure to adequately validate SQL queries before utilizing user dat...

8AI score
Exploits0References1
Packet Storm
Packet Storm
added 2017/05/20 12:0 a.m.76 views

ManageEngine ServiceDesk Plus 9.0 Authentication Bypass

Title: ManageEngine ServiceDesk Plus Application Compromise Date: 19 May 2017 Researcher: Steven Lackey ByteM3 Product: ServiceDesk Plus http://www.manageengine.com/ Affected Version: 9.0 Other versions could also be affected Fixed Version: Service Pack 9241 a Build 9.2 Vulnerability Impact: High...

0.9AI score
Exploits0
exploitpack
exploitpack
added 2017/05/19 12:0 a.m.28 views

ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass

ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass Title: ManageEngine ServiceDesk Plus Application Compromise Date: 19 May 2017 Researcher: Steven Lackey ByteM3 Product: ServiceDesk Plus http://www.manageengine.com/ Affected Version: 9.0 Other versions could also be affected Fixed Version...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/19 12:0 a.m.88 views

ManageEngine ServiceDesk Plus 9.0 - Authentication Bypass

Title: ManageEngine ServiceDesk Plus Application Compromise Date: 19 May 2017 Researcher: Steven Lackey ByteM3 Product: ServiceDesk Plus http://www.manageengine.com/ Affected Version: 9.0 Other versions could also be affected Fixed Version: Service Pack 9241 – Build 9.2 Vulnerability Impact: High...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.9 views

Backup Directory

A common practice when administering web applications is to create a copy/backup of a particular directory prior to making any modification. Another common practice is to add an extension or change the name of the original directory to signify that it is a backup examples include .bak, .orig,...

7.2AI score
Exploits0References2
CNVD
CNVD
added 2017/03/28 12:0 a.m.5 views

NetIQ Access Manager Clickjacking Vulnerability

NetIQ Access Manager NAM is a resource access control solution from NetIQ, USA. The solution provides multiple authentication, data encryption, single sign-on and SSL VPN for local and remote users. A clickjacking vulnerability exists in NetIQ Access Manager. A remote attacker could exploit this...

6.5CVSS6.6AI score0.00502EPSS
Exploits0References1
exploitpack
exploitpack
added 2016/08/05 12:0 a.m.26 views

Subrion CMS 4.0.5 - SQL Injection

Subrion CMS 4.0.5 - SQL Injection Document Title: =============== Subrion v4.0.5 CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1893 Release Date: ============= 2016-08-04 Vulnerability Laboratory ID VL-ID:...

Exploits0
OpenVAS
OpenVAS
added 2016/05/09 12:0 a.m.20 views

CANDID 'view.php' SQL Injection and Cross Site Scripting Vulnerabilities

CANDID is prone to sql injection and cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5AI score
Exploits0References2
Rows per page
Query Builder