Lucene search
K

47 matches found

Cvelist
Cvelist
added 2018/12/03 10:0 p.m.22 views

CVE-2018-4019

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...

7.2CVSS7.4AI score0.48721EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/03 10:0 p.m.19 views

CVE-2018-4020

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...

7.2CVSS7.4AI score0.48721EPSS
Exploits1References1
Prion
Prion
added 2018/05/28 1:29 p.m.13 views

Cross site scripting

Stored cross-site scripting XSS vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...

3.5CVSS4.7AI score0.02178EPSS
Exploits5References3Affected Software1
Exploit DB
Exploit DB
added 2018/05/28 12:0 a.m.48 views

wityCMS 0.6.1 - Cross-Site Scripting

Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1 Version: 0.6.1 Tested on:...

4.8CVSS5.1AI score0.02178EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/05/28 12:0 a.m.49 views

wityCMS 0.6.1 Cross Site Scripting

Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1 Version: 0.6.1 Tested on:...

0.02178EPSS
Exploits5
exploitpack
exploitpack
added 2018/05/28 12:0 a.m.43 views

wityCMS 0.6.1 - Cross-Site Scripting

wityCMS 0.6.1 - Cross-Site Scripting Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link:...

3.5CVSS5AI score0.02178EPSS
Exploits5
WPVulnDB
WPVulnDB
added 2018/05/18 12:0 a.m.17 views

ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution

The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. PoC Send an authenticated POST request to...

6.5CVSS3AI score0.03883EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder