CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7735 matches found

NVD•added 2019/10/13 6:15 p.m.•16 views

CVE-2019-17535

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647...

9.3CVSS6.5AI score0.02013EPSS

Exploits1References2

Prion•added 2019/10/13 6:15 p.m.•24 views

Design/Logic Flaw

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647...

4.3CVSS6.2AI score0.02261EPSS

Exploits6References2Affected Software1

CVE•added 2019/10/13 5:52 p.m.•103 views

CVE-2019-17535

CVE-2019-17535 affects Gila CMS up to version 1.11.4, enabling XSS in blog-list.php via the search parameter in both the gila-blog and gila-mag themes. The vulnerability stems from the same underlying issue as CVE-2019-9647, leading to potential execution of client-side code. The connected source...

9.3CVSS6.1AI score0.02013EPSS

Exploits1References2Affected Software1

Cvelist•added 2019/10/13 5:52 p.m.•24 views

CVE-2019-17535

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647...

9.3CVSS6.2AI score0.02013EPSS

Exploits1References2

CNVD•added 2019/10/12 12:0 a.m.•1 views

MileagePlus open source blog system v2.2 has SQL injection vulnerabilities

Mile High Open Source Blog System is a blog system based on ThinkPHP development. MileagePlus Open Source Blog System v2.2 suffers from a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive database information...

7.8AI score

Exploits0

CNVD•added 2019/10/11 12:0 a.m.•1 views

MileagePlus open source blog system V2.0 suffers from SQL injection vulnerabilities

MileagePlus Blog System is a blog system based on ThinkPHP development. MileageMi Open Source Blog System V2.0 suffers from a SQL injection vulnerability, which allows attackers to exploit the vulnerability to obtain sensitive information from the database...

7.6AI score

Exploits0

CNVD•added 2019/10/11 12:0 a.m.•2 views

File Upload Vulnerability in b2evolution Blog System

b2evolution is a PHP MySQL development , mature , excellent Blog engine . It contains a Blog tool should have all the features . b2evolution blog system file upload vulnerability , an attacker can exploit the vulnerability to upload arbitrary files , to obtain server privileges...

7.1AI score

Exploits0

Hacker One•added 2019/10/10 5:47 a.m.•31 views

U.S. Dept Of Defense: Remote Code Execution in ██████

The vulnerability you reported has been resolved and this report is now closed. If you have any further questions or disagree that the report is resolved, please let us know. Thank you for your time and effort to improve the security of the DoD information network. Thanks @s3cr3tsdn for reporting...

6.9AI score

Exploits0

GithubExploit•added 2019/10/09 3:19 p.m.•577 views

Exploit for CVE-2019-15846

Exim CVE-2019-15846 =================== PoC materials to exploi...

10CVSS9.8AI score0.35736EPSS

Exploits3

OSV•added 2019/10/07 12:15 p.m.•3 views

CVE-2019-15750

A Cross-Site Scripting XSS vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

6.1CVSS6.5AI score0.01021EPSS

Exploits0References1

Prion•added 2019/10/07 12:15 p.m.•15 views

Cross site scripting

A Cross-Site Scripting XSS vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

4.3CVSS5.9AI score0.01021EPSS

Exploits0References1Affected Software1

Cvelist•added 2019/10/07 11:42 a.m.•13 views

CVE-2019-15750

A Cross-Site Scripting XSS vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

5.9AI score0.01021EPSS

Exploits0References1

CVE•added 2019/10/07 11:42 a.m.•37 views

CVE-2019-15750

The CVE-2019-15750 entry is supported by multiple connected records that confirm a Cross-Site Scripting (XSS) vulnerability in SITOS six Build v6.2.1. The weakness is in the blog feature, where an attacker can supply a crafted id parameter to inject arbitrary web script or HTML. Impact is describ...

6.1CVSS5.9AI score0.01021EPSS

Exploits0References1Affected Software1

Wired Threat Level•added 2019/10/06 11:0 a.m.•64 views

7 Cybersecurity Threats That Can Sneak Up on You

From rogue USB sticks to Chrome extensions gone wild, here is a quick guide to some basic risks you should look out for...

2.8AI score

Exploits0

Wired Threat Level•added 2019/10/04 10:23 p.m.•119 views

A US Election Phishing Attack, Quitting Vaping, and More News

Catch up on the most important news from today in two minutes or less...

2AI score

Exploits0

Kitploit•added 2019/10/01 12:0 p.m.•99 views

CryptonDie - A Ransomware Developed For Study Purposes

CryptonDie is a ransomware developed for study purposes. Options --key key used to encrypt and decrypt files, default is random stringrecommended --dir Home directory for the attack, default is / --encrypt Encrypt all files --decrypt Decrypt all files --verbose Active verbose mode, default is Fal...

7.3AI score

Exploits0References1

Wired Threat Level•added 2019/09/25 6:21 p.m.•68 views

How Trump’s Ukraine Mess Entangled CrowdStrike

A US cybersecurity company became a topic of interest for President Donald Trump in his call with Ukraine’s Volodymyr Zelensky...

3.7AI score

Exploits0

NVD•added 2019/09/21 6:15 p.m.•26 views

CVE-2019-16661

Ogma CMS 0.5 has XSS via creation of a new blog...

5.4CVSS5.3AI score0.00586EPSS

Exploits1References1