232 matches found

NVD
added 2022/01/21 6:15 p.m. | 14 views

CVE-2020-4879

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847...

CVSS 9.8 | EPSS 0.01481
Exploits: 0 | References: 2

Cvelist
added 2022/01/21 5:20 p.m. | 16 views

CVE-2020-4879

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847...

CVSS 7.3 | AI score 9.1 | EPSS 0.01481
Exploits: 0 | References: 2

CVE
added 2022/01/21 5:20 p.m. | 49 views

CVE-2020-4879

CVE-2020-4879 affects IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2, where improper validation of authentication cookies could allow a remote attacker to bypass security restrictions. Connected sources confirm the vulnerability is tied to cookie handling and describe the remediation: IBM Cogno...

CVSS 9.8 | AI score 9.1 | EPSS 0.01481
Exploits: 0 | References: 2 | Affected Software: 1

Krebs on Security
added 2022/01/21 5:11 p.m. | 24 views

Crime Shop Sells Hacked Logins to Other Crime Shops

Up for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and tho...

AI score 7.1
Exploits: 0

0day.today
added 2021/10/08 12:0 a.m. | 309 views

WordPress Pie Register 3.7.1.4 Plugin - Admin Privilege Escalation Vulnerability

Exploit Title: WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation Unauthenticated Google Dork: inurl:/plugins/pie-register/ Exploit Author: Lotfi13-DZ Vendor Homepage: https://wordpress.org/plugins/pie-register/ Software Link:...

AI score 0.6
Exploits: 0

NCSC
added 2021/09/29 12:0 a.m. | 2 views

Vulnerability fixed in IBM Aspera

A vulnerability has been fixed in IBM Aspera. The vulnerability allows a remote malicious party to perform a Cross-Site Scripting attack and thereby steal authentication cookies. IBM has released updates to fix the vulnerability. More information can be found on the page below:...

AI score 6.9
Exploits: 0

CNVD
added 2021/09/02 12:0 a.m. | 2 views

FileBrowser Cross-Site Scripting Vulnerability (CNVD-2025-22709)

FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a cross-site scripting vulnerability that is caused by improper validation of...

CVSS 5.4 | AI score 6.6 | EPSS 0.00779
Exploits: 0 | References: 1

CNVD
added 2021/03/19 12:0 a.m. | 5 views

Unspecified Vulnerability in WordPress MStore API

WordPress MStore API is an open source WordPress application plugin. It provides a configuration for MStore and FluxStore mobile devices and supports a REST API to connect to the application features. A security vulnerability exists in MStore API WordPress plugin versions before 3.2.0 that can be...

CVSS 10 | AI score 7 | EPSS 0.03373
Exploits: 1 | References: 1

CNVD
added 2021/02/28 12:0 a.m. | 8 views

Triconsole Datepicker Calendar Cross-Site Scripting Vulnerability

Triconsole Datepicker Calendar is a Triconsole open source application that provides a calendar component. A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...

CVSS 6.1 | AI score 6.1 | EPSS 0.06196
Exploits: 3 | References: 1

NVD
added 2021/02/25 4:15 p.m. | 16 views

CVE-2021-27330

Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting (XSS) in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...

CVSS 6.1 | EPSS 0.06196
Exploits: 3 | References: 4

OSV
added 2021/02/25 4:15 p.m. | 3 views

CVE-2021-27330

Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting (XSS) in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...

CVSS 6.1 | AI score 6.3 | EPSS 0.06196
Exploits: 3 | References: 4

Prion
added 2021/02/25 4:15 p.m. | 18 views

Cross site scripting

Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting (XSS) in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...

CVSS 4.3 | AI score 6 | EPSS 0.06196
Exploits: 3 | References: 4 | Affected Software: 1

Cvelist
added 2021/02/25 3:11 p.m. | 26 views

CVE-2021-27330

Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting (XSS) in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...

AI score 6.3 | EPSS 0.06196
Exploits: 3 | References: 4

CNNVD
added 2021/02/25 12:0 a.m. | 8 views

Triconsole Datepicker Calendar Cross-Site Scripting Vulnerability

Triconsole Datepicker Calendar is a Triconsole open source application that provides a calendar component. A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...

CVSS 6.1 | AI score 6.2 | EPSS 0.06196
Exploits: 3 | References: 6

CNVD
added 2021/02/24 12:0 a.m. | 6 views

Fiber Encryption Problem Vulnerability

Fiber is an open source web framework written in the Go language. An encryption issue vulnerability exists in FiberHome HG6245D, which can be exploited by an attacker to find passwords and authentication cookies stored in plaintext on the device...

CVSS 7.5 | AI score 6.8 | EPSS 0.18862
Exploits: 1 | References: 1

OSV
added 2021/02/10 7:15 p.m. | 5 views

CVE-2021-27140

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs...

CVSS 7.5 | AI score 5.8 | EPSS 0.18862
Exploits: 1 | References: 1

CVE
added 2021/02/10 6:41 p.m. | 53 views

CVE-2021-27140

FiberHome HG6245D devices (via RP2613) are affected by CVE-2021-27140: passwords and authentication cookies are stored in cleartext in web.log HTTP logs. The connected sources confirm the affected product and root cause (cleartext credential exposure in logs); exploitation details and specific re...

CVSS 7.5 | AI score 7.6 | EPSS 0.18862
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2021/02/10 12:0 a.m. | 13 views

FiberHome HG6245D devices Encryption Problem Vulnerability

Fiber is an open source web framework written in the Go language. An encryption issue vulnerability exists in FiberHome HG6245D, which can be exploited by an attacker to find passwords and authentication cookies stored in plaintext on the device...

CVSS 7.5 | AI score 7.1 | EPSS 0.18862
Exploits: 1 | References: 1

Exploit DB
added 2021/01/29 12:0 a.m. | 175 views

BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting

Title: BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Vulnerable paper:...

AI score 7.4
Exploits: 0

OSV
added 2021/01/07 1:15 p.m. | 3 views

CVE-2020-24902

Quixplorer =2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web...

CVSS 6.1 | AI score 5.8 | EPSS 0.02852
Exploits: 1 | References: 1