
42 matches found

OSV
added 2021/04/22 3:15 a.m. · 15 views

CVE-2021-31550

An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers...

CVSS 5.4 · AI score 6
Exploits 0 · References 2
Positive Technologies
added 2021/04/22 12:0 a.m. · 4 views

PT-2021-19421 · Mediawiki +1 · Commentbox Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 CommentBox extension for MediaWiki versions through 1.35.2 Description: An issue was discovered that allows a malicious actor to introduce XSS payloads into various layers via crafted configuration variables...

CVSS 9.8 · AI score 6.1 · EPSS 0.03832
Exploits 18 · References 74
CNNVD
added 2021/04/21 12:0 a.m. · 7 views

MediaWiki cross-site scripting vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems fr...

CVSS 5.4 · AI score 5.1 · EPSS 0.0045
Exploits 0 · References 4
NVD
added 2020/10/02 9:15 a.m. · 17 views

CVE-2020-12126

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint...

CVSS 9.8 · EPSS 0.0129
Exploits 0 · References 2
ATTACKERKB
added 2020/07/02 5:15 p.m. · 2 views

CVE-2020-15082

In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6...

CVSS 8.8 · AI score 8.2 · EPSS 0.01214
Exploits 0 · References 3 · Affected Software 1
Prion
added 2020/07/02 5:15 p.m. · 19 views

Security feature bypass

In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6...

CVSS 7.5 · AI score 8.5 · EPSS 0.01214
Exploits 0 · References 2 · Affected Software 1
CVE
added 2020/07/02 4:50 p.m. · 109 views

CVE-2020-15082

CVE-2020-15082 affects PrestaShop: versions from 1.6.0.1 up to, but not including, 1.7.6.6 permit rewriting all configuration variables via the dashboard due to an underlying issue. The vulnerability is fixed in 1.7.6.6. Public references from NVD and Red Hat corroborate this fixed version, with CVSS scores in...

CVSS 8.8 · AI score 7.7 · EPSS 0.01214
Exploits 0 · References 2 · Affected Software 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m. · 19 views

Security Bulletin: A Security Vulnerability exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835)

Summary A security vulnerability, CVE-2015-1835, has been discovered that affects the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-1835 DESCRIPTION: The Apache Cordova could allow a remote attacker to...

CVSS 5.3 · AI score 0.7 · EPSS 0.05911
Exploits 1 · Affected Software 1
Kitploit
added 2016/04/06 10:30 p.m. · 32 views

Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands

Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful yet sometimes complex payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly...

AI score 7.4
Exploits 0 · References 2
RedhatCVE
added 2015/10/30 10:12 a.m. · 25 views

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

CVSS 6.9 · AI score 7.1 · EPSS 0.00908
Exploits 2 · References 2
OpenVAS
added 2013/12/17 12:0 a.m. · 13 views

Fedora Update for php-symfony2-Routing FEDORA-2013-22422

Check for the Version of php-symfony2-Routing OpenVAS Vulnerability Test Fedora Update for php-symfony2-Routing FEDORA-2013-22422 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVSS 5 · AI score 6.3 · EPSS 0.01868
Exploits 0 · References 2
OpenVAS
added 2013/02/28 12:0 a.m. · 11 views

Nmap NSE 6.01: ntp-info

Gets the time and configuration variables from an NTP server. We send two requests: a time request and a 'read variables' opcode 2 control message. Without verbosity, the script shows the time and the value of the 'version', 'processor', 'system', 'refid', and 'stratum' variables. With verbosity,...

AI score 7.3
Exploits 0
myhack58
added 2011/08/12 12:0 a.m. · 40 views

About Dedecms variable coverage exploits-vulnerability warning-the black bar safety net

Someone recently broke the dedecms variable coverage holes, it is also a quite interesting vulnerability, and in some cases dedecms this variable vulnerability to exist for so long in some people are many years, about six months ago I also independently discovered by this article [email protected] Write ...

AI score 0.7
Exploits 0
Nmap
added 2009/12/12 10:42 p.m. · 1686 views

ntp-info NSE Script

Gets the time and configuration variables from an NTP server. We send two requests: a time request and a "read variables" opcode 2 control message. Without verbosity, the script shows the time and the value of the version, processor, system, refid, and stratum variables. With verbosity, all...

CVSS 10 · AI score 0.1 · EPSS 0.99448
Exploits 33
OpenVAS
added 2008/09/24 12:0 a.m. · 29 views

Gentoo Security Advisory GLSA 200407-22 (dev-db/phpmyadmin)

The remote host is missing updates announced in advisory GLSA 200407-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 7.5 · AI score 0.5 · EPSS 0.09353
Exploits 2
0day.today
added 2008/08/31 12:0 a.m. · 19 views

Words tag script 1.2 (word) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. Words tag script 1.2 word Remote SQL Injection Vulnerability. Words tag script v1.2 word Remote SQL Injecti...

AI score 7.1
Exploits 0
UbuntuCve
added 2007/11/20 6:46 p.m. · 36 views

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

CVSS 6.9 · AI score 6 · EPSS 0.0034
Exploits 0 · References 2
NVD
added 2007/11/20 6:46 p.m. · 20 views

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

CVSS 6.9 · AI score 6.2 · EPSS 0.0034
Exploits 0 · References 10
Cvelist
added 2007/11/20 6:0 p.m. · 23 views

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625...

AI score 9 · EPSS 0.0034
Exploits 0 · References 10
NVD
added 2006/08/08 11:4 p.m. · 18 views

CVE-2006-3584

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables...

CVSS 7.5 · AI score 6.7 · EPSS 0.01484
Exploits 0 · References 5