4199 matches found

OSV
added 2019/01/10 10:29 p.m. | 4 views

CVE-2018-5403

Imperva SecureSphere gateway GW running v13, for both pre-First Time Login or post-First Time Login FTL, if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface...

8.1 CVSS | 5.8 AI score
Exploits 0 | References 1
OSV
added 2019/01/04 2:29 p.m. | 4 views

CVE-2019-5310

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by sitetitle in an admin/system/basic POST request...

6.1 CVSS | 6.4 AI score | 0.00675 EPSS
Exploits 1 | References 1
Prion
added 2019/01/04 2:29 p.m. | 22 views

Cross site request forgery (csrf)

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by sitetitle in an admin/system/basic POST request...

4.3 CVSS | 5.9 AI score | 0.00675 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2019/01/04 2:0 p.m. | 27 views

CVE-2019-5310

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by sitetitle in an admin/system/basic POST request...

6 AI score | 0.00675 EPSS
Exploits 1 | References 1
NVD
added 2019/01/02 7:29 a.m. | 13 views

CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...

7.8 CVSS | 7.4 AI score | 0.00351 EPSS
Exploits 1 | References 7
Prion
added 2019/01/02 7:29 a.m. | 15 views

Default credentials

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...

2.1 CVSS | 7.2 AI score | 0.00351 EPSS
Exploits 1 | References 7 | Affected Software 4
OSV
added 2019/01/02 7:29 a.m. | 3 views

ALPINE-CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...

7.8 CVSS | 6.3 AI score | 0.00351 EPSS
Exploits 1 | References 1
OSV
added 2019/01/02 7:29 a.m. | 25 views

CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...

7.8 CVSS | 6.1 AI score
Exploits 0 | References 7
AlpineLinux
added 2019/01/02 7:0 a.m. | 35 views

CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...

7.8 CVSS | 7.4 AI score | 0.00351 EPSS
Exploits 1
UbuntuCve
added 2019/01/02 12:0 a.m. | 25 views

CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...

7.8 CVSS | 7.1 AI score | 0.00351 EPSS
Exploits 1 | References 5
OSV
added 2019/01/02 12:0 a.m. | 1 views

UBUNTU-CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...

7.8 CVSS | 7.1 AI score | 0.00351 EPSS
Exploits 1 | References 6
OSV
added 2018/12/20 9:29 p.m. | 4 views

CVE-2018-18871

Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker in the same network as the device to change the admin password without authentication and without knowing the original password...

9.8 CVSS | 5.8 AI score | 0.01658 EPSS
Exploits 1 | References 1
CVE
added 2018/12/20 9:0 p.m. | 39 views

CVE-2018-18871

CVE-2018-18871 affects Gigaset Maxwell Basic VoIP phones (firmware 2.22.7). The web interface lacks password verification, allowing a remote attacker on the same network to change the admin password without authentication. This is a network-accessible issue with high impact to confidentiality and...

9.8 CVSS | 9.5 AI score | 0.01658 EPSS
Exploits 1 | References 1 | Affected Software 1
CNVD
added 2018/12/12 12:0 a.m. | 3 views

Microsoft Internet Explorer VBScript Engine Remote Memory Corruption Vulnerability (CNVD-2019-39018)

Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system. A memory corruption vulnerability exists in Microsoft IE 9, 10, and 11 that stems from a VBScript execution policy that does not strictly restrict VBScript. A remote attacker can exploit this vulnerabilit...

7.6 CVSS | 7.6 AI score | 0.45762 EPSS
Exploits 2 | References 1
Akamai Blog
added 2018/11/29 2:0 p.m. | 13 views

Bread And Butter Attacks

We continuously find that the most basic attack methods that worked ten years ago still work and will probably continue to be effective in the future...

3.4 AI score
Exploits 0
CNVD
added 2018/11/20 12:0 a.m. | 2 views

Weak Password Vulnerability in Maipu Switches

Mapper switches generally have weak passwords, and then you can go in and perform any operation with a low-privilege user. This is based on http basic authentication http://111.50.98.155:80 http://111.50.98.151:80 http://111.50.98.154:80 admin/admin...

7 AI score
Exploits 0
Kitploit
added 2018/11/15 8:40 p.m. | 117 views

DeepSearch - Advanced Web Dir Scanner

DeepSearch is a simple command line tool for bruteforce directories and files in websites. Installation $ git clone https://github.com/m4ll0k/DeepSearch.git deepsearch $ cd deepsearch $ pip3 install requests $ python3 deepsearch.py Screenshots Usage Basic: python3 deepsearch.py -u...

8 AI score
Exploits 0 | References 1
OSV
added 2018/11/15 7:29 p.m. | 3 views

CVE-2018-8529

A remote code execution vulnerability exists when Team Foundation Server TFS does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team...

9.8 CVSS | 6.4 AI score | 0.13455 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2018/11/15 7:29 p.m. | 3 views

CVE-2018-8529

A remote code execution vulnerability exists when Team Foundation Server TFS does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team...

9.8 CVSS | 6.7 AI score | 0.13455 EPSS
Exploits 0 | References 3
NVD
added 2018/11/15 7:29 p.m. | 25 views

CVE-2018-8529

A remote code execution vulnerability exists when Team Foundation Server TFS does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team...

9.8 CVSS | 9.9 AI score | 0.13455 EPSS
Exploits 0 | References 2