Lucene search
K

378 matches found

OSV
OSV
added 2017/11/08 5:29 a.m.2 views

DEBIAN-CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

7.2CVSS7.7AI score0.04246EPSS
Exploits1References1
CVE
CVE
added 2017/09/12 10:0 p.m.48 views

CVE-2015-9230

The CVE-2015-9230 entry relates to the BulletProof Security WordPress plugin. Affected component: admin/db-backup-security/db-backup-security.php. Root cause: cross-site scripting (XSS) vulnerability via the DBTablePrefix parameter in plugin versions prior to 0.52.5, exploitable by remote authent...

4.8CVSS4.7AI score0.01576EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2017/07/28 5:29 a.m.5 views

CVE-2017-11715

job/uploadfilesave.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php...

9.8CVSS6.1AI score0.01492EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/07/28 5:0 a.m.22 views

CVE-2017-11715

job/uploadfilesave.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php...

9.5AI score0.01492EPSS
Exploits1References1
OSV
OSV
added 2017/07/18 12:29 a.m.4 views

CVE-2017-11405

In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...

4.9CVSS5.8AI score0.00849EPSS
Exploits1References1
NVD
NVD
added 2017/07/18 12:29 a.m.21 views

CVE-2017-11404

In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php...

4.9CVSS5AI score0.00849EPSS
Exploits1References1
OSV
OSV
added 2017/07/18 12:29 a.m.5 views

CVE-2017-11404

In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php...

4.9CVSS5.8AI score0.00849EPSS
Exploits1References1
Prion
Prion
added 2017/07/13 1:29 a.m.15 views

Deserialization of untrusted data

application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action...

3.5CVSS5AI score0.00614EPSS
Exploits1References1
NVD
NVD
added 2017/06/24 3:29 p.m.20 views

CVE-2017-9836

Cross-site scripting XSS vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtualname parameter to /admin.php i.e., creating a virtual album...

4.8CVSS4.9AI score0.00595EPSS
Exploits0References1
OSV
OSV
added 2017/05/23 5:29 a.m.3 views

CVE-2017-5966

Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter...

4.9CVSS5.9AI score0.01598EPSS
Exploits1References1
OSV
OSV
added 2017/05/11 2:30 p.m.6 views

CVE-2016-9100

Symantec Advanced Secure Gateway ASG 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an...

7.8CVSS5.8AI score0.00429EPSS
Exploits0References3
Patchstack
Patchstack
added 2015/08/21 12:0 a.m.9 views

WordPress Crontrol Plugin <= 1.2.3 - Cross Site Scripting (XSS)

Because of this vulnerability, authenticated administrators can store HTML and JS code. Vulnerable parameters: "idhookname", "idsig", "idnextrun", "idargscode". Solution Update the plugin...

1.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.128 views

CollabNet Subversion Edge indes local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "listViewItem" parameter of the "index" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...

1.4AI score
Exploits0
Patchstack
Patchstack
added 2015/05/11 12:0 a.m.12 views

WordPress WP Fast Cache Plugin <= 1.4 - Multiple Vulnerabilities

This plugin is prone to cross site request forgery attacks, which can also be combined with XSS attacks authenticated administrators only. Solution Update the plugin...

4.1AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/02/12 1:0 a.m.22 views

CVE-2015-0580

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System ACS before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027...

7.9AI score0.00916EPSS
Exploits0References4
NVD
NVD
added 2014/12/20 12:59 a.m.17 views

CVE-2014-9193

Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting...

9CVSS6.4AI score0.03141EPSS
Exploits0References3
Prion
Prion
added 2014/06/28 3:55 p.m.14 views

Sql injection

SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate field...

6.5CVSS8.3AI score0.01007EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2013/08/31 5:55 p.m.25 views

Command injection

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299...

9CVSS7.8AI score0.03001EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2012/07/30 7:55 p.m.14 views

CVE-2012-2163

IBM Scale Out Network Attached Storage SONAS 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the 1 Command Line Interface or 2 Graphical User Interface, related to a "code injection" issue...

9CVSS7.1AI score0.02228EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2012/06/07 7:0 p.m.46 views

CVE-2012-1012

server/serverstubs.c in the kadmin protocol implementation in MIT Kerberos 5 aka krb5 1.10 before 1.10.1 does not properly restrict access to 1 SETSTRING and 2 GETSTRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global...

5.5CVSS7.4AI score0.01222EPSS
Exploits0
Rows per page
Query Builder