CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3797 matches found

Hacker One•added 2017/01/06 10:4 a.m.•65 views

Snapchat: RTLO char allowed in chat

Hey all, There seems to be no filtering of strange unicode characters such as U+202E which is an Right-To-Left-Override. I can send messages like "Hey check out my new song at example.com/songrtlo3pm.exe" and everyone would see the link as "example.com/songexe.mp3". Links that end with .exe are...

1.5AI score

Exploits0

OpenVAS•added 2017/01/04 12:0 a.m.•42 views

Red Hat JBoss Enterprise Application Platform (EAP) < 6.4.4 Multiple Vulnerabilities

Red Hat JBoss Enterprise Application Platform EAP is prone to multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

5CVSS9.6AI score0.02978EPSS

Exploits0References7

myhack58•added 2016/12/17 12:0 a.m.•55 views

Verizon Webmail client stored XSS vulnerability-vulnerability warning-the black bar safety net

Write in front of words Before that, I had specialized to write a technical article to explain in detail through Verizon Webmial client of server-side vulnerabilities article transfer gate button. But I recently went in this client found some very interesting vulnerabilities, these vulnerabilitie...

0.2AI score

Exploits0

OSV•added 2016/11/25 8:59 p.m.•3 views

CVE-2016-0317

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

6.5CVSS5.8AI score0.00935EPSS

Exploits0References2

NVD•added 2016/11/25 8:59 p.m.•19 views

CVE-2016-0317

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

6.5CVSS6.3AI score0.00935EPSS

Exploits0References2

Prion•added 2016/11/25 8:59 p.m.•14 views

Code injection

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

4.3CVSS7AI score0.00935EPSS

Exploits0References2Affected Software1

Cvelist•added 2016/11/25 8:0 p.m.•20 views

CVE-2016-0317

Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

6.3AI score0.00935EPSS

Exploits0References2

CVE•added 2016/11/25 8:0 p.m.•56 views

CVE-2016-0317

The CVE-2016-0317 issue affects IBM Jazz Reporting Service’s Lifecycle Query Engine (LQE) shipped with Jazz Reporting Service 6.0 and 6.0.1 (prior to 6.0.1 iFix006). The vulnerability enables remote attackers to hijack click actions (clickjacking) via unspecified vectors. The IBM advisory groups ...

6.5CVSS6.4AI score0.00935EPSS

Exploits0References2Affected Software1

CNVD•added 2016/11/22 12:0 a.m.•2 views

MyBB has multiple vulnerabilities (CNVD-2016-11605)

MyBB aka MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.7, including: SQL injecti...

9.8CVSS7.1AI score0.02168EPSS

Exploits0References1

CNVD•added 2016/11/22 12:0 a.m.•1 views

MyBB has multiple vulnerabilities (CNVD-2016-11622)

9.8CVSS7.1AI score0.02116EPSS

Exploits0References1

CNVD•added 2016/11/22 12:0 a.m.•0 views

MyBB has multiple vulnerabilities (CNVD-2016-11623)

9.8CVSS7.1AI score0.02563EPSS

Exploits0References1

CNVD•added 2016/11/22 12:0 a.m.•2 views

MyBB has multiple vulnerabilities (CNVD-2016-11624)