Security Update for Chrome OS
Google has released Chrome 34.0.1847.120 for all Chrome OS devices, except HP Chromebook Pavilion, to address multiple bug fixes, security updates, and feature enhancements. Users and administrators are encouraged to review the Google Chrome release blog entry for additional details. This produc...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter...
Hootsuite Recovers from Denial of Service Attack
Social media management system Hootsuite recovered rapidly from a denial of service (DoS) attack late last week, bouncing back after being offline for a few hours Thursday morning. During that time, starting around 9:45 a.m. EST, users of the site were unable to use the service after a malicious...
Full Disclosure Security Mailing List Shuts Down
The Full Disclosure security mailing list, which has been one of the main discussion forums for vulnerability and exploit information for 12 years, is shutting down because “‘one of our own’ would undermine the efforts of the last 12 years”, one of the creators said. John Cartwright, one of the...
MoneyStream: Here is another XSS i got for you
I've verified it and it does trigger a JS alert POST /blog/ HTTP/1.1 Host: moneystream.com Accept: / Accept-Language: en User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0 Connection: close Referer: https://moneystream.com/blog/ Cookie:...
Google Releases Security Updates for Chrome
Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution. Updates available include: Chrome 33.0.1750.154 for Windows. Chrome 33.0.1750.152 for Mac and Linux. Chrome 33.0.1750.152 fo...
Synology DSM 4.3-3827 (article.php) - Blind SQL Injection Vulnerability
Synology DSM versions 4.3-3827 and below suffer from a remote blind SQL injection vulnerability. Title: Synology DSM Blind SQL Injection Version affected: :80/ Cookie: PHPSESSID=; visitday= Host: Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64...
Google Releases Chrome Update
Google has released Google Chrome 33.0.1750.149 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system. US-CERT encourages users and administrators to review the Google Chrome release blog ent...
Phabricator: OAuth access_token stealing in Phabricator
Hi, I found that an attacker is able to steal access_tokens of Facebook users via Phabricator App 184510521580034. When users log in to Phabricator, they can choose to log in via Facebook https://secure.phabricator.com/login/ attaching pic, In this case an attacker is able to exploit this behavior t...
Google Releases Update for Chrome
Google has released Google Chrome 33.0.1750.146 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system. US-CERT encourages users and administrators to review the Google Chrome Release blog ent...
Joomla 3.2.2 Cross Site Scripting
Title: Persistent pre-auth XSS in Joomla | Version: Joomla 3.2.2 | Date: 3.03.2014 | Found: HauntIT Blog | Home: http://www.joomla.org ...
Welcart e-Commerce usc-e-shop.1.3.12 XSS / SQL Injection
Title: SQL Injection in Welcart e-Commerce | Version: usc-e-shop.1.3.12 | Date: 3.03.2014 | Found: HauntIT Blog | Home: http://wordpress.org/plugins/ ...
MantisBT 1.2.16 SQL Injection
Title: MantisBT 1.2.16 | Version: 1.2.16 | Date: 28.02.2014 | Found: HauntIT Blog | Home: http://www.mantisbt.org + for authorized user...
doorGets 6.0 Cross Site Scripting
Title: doorGets 6.0 Multiple vulnerabilities | Version: doorGets 6.0 | Date: 27.02.2014 | Found: HauntIT Blog | Home: http://sourceforge.net ...
PHP-CMDB 0.7.3 - Multiple Vulnerabilities
PHP-CMDB 0.7.3 - Multiple Vulnerabilities | Title: Multiple vulnerabilities in PHP-CMDB | Version: php-cmdb0.7.3 | Date: 27.02.2014 | Found: HauntIT Blog | Home: ...
webERP 4.11.3 - SalesInquiry.php?SortBy SQL Injection
webERP 4.11.3 - SalesInquiry.php?SortBy SQL Injection | Title: SQL Injection in webERP | Version: 4.11.3 | Date: 28.02.2014 | Found: HauntIT Blog | Home: http://www.weberp.org...
PHP Ticket System Beta 1 - get_all_created_by_user.php?id SQL Injection
PHP Ticket System Beta 1 - get_all_created_by_user.php?id SQL Injection | Title: PHP Ticket System SQL Injection | Version: BETA1.zip | Date: 27.02.2014 | Found: HauntIT Blog | Home: ...
PHP Ticket System Beta 1 - 'get_all_created_by_user.php?id' SQL Injection
Title: PHP Ticket System SQL Injection | Version: BETA1.zip | Date: 27.02.2014 | Found: HauntIT Blog | Home: http://sourceforge.net/projects/phpticketsystem/ ...
EPESI CRM 1.5.5 Cross Site Scripting
Title: EPESI CRM vulnerable to persistent XSS | Version: epesi-1.5.5-20140113.zip | Date: 27.02.2014 | Found: HauntIT Blog | Home: http://epe.si/download ...
Moodle 2.6.1 Cross Site Scripting
Title: Moodle 2.6.1 | Version: Feb 27 2014 moodle-latest-26.zip | Date: 27.02.2014 | Found: HauntIT Blog | Home: http://download.moodle.org + From admin user:...