Lucene search
K

64 matches found

CVE
CVE
added 2021/10/25 9:50 p.m.86 views

CVE-2021-41177

The CVE-2021-41177 entry affects Nextcloud Server. The issue is that before versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud did not implement a memory-cache backend for rate-limiting, so components using rate limits (e.g., AnonRateThrottle, UserRateThrottle) were not actually rate-limited on inst...

8.1CVSS7.8AI score0.015EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/25 12:0 a.m.9 views

PT-2021-23152 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.13 Nextcloud Server versions prior to 21.0.5 Nextcloud Server versions prior to 22.2.0 Description: Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and...

10CVSS6AI score0.02604EPSS
Exploits2References52
NVD
NVD
added 2021/10/05 4:15 p.m.29 views

CVE-2021-41286

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...

7.8CVSS0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/10/05 3:30 p.m.26 views

CVE-2021-41286

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...

8AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.4 views

ProjectSend Security Vulnerability

ProjectSend formerly cFTP is a suite of self-hosted applications based on PHP and MySQL. ProjectSend before r1295 suffers from a security vulnerability that incorrectly resets passwords due to faulty business logic...

7.5CVSS7.1AI score0.02364EPSS
Exploits2References6
CNVD
CNVD
added 2020/04/22 12:0 a.m.2 views

Heybbs Micro Community in***.php file has a reload vulnerability

Heybbs micro-community is a front-end based on bootstrap + jq + css, back-end php + mysql development of micro-community program. Heybbs micro-community in.php file exists reloading vulnerability. An attacker can use the vulnerability to reset all the data on the website and gain server privilege...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/12/12 12:0 a.m.41 views

openSUSE Security Update : opera (openSUSE-2019-2107)

This update for opera fixes the following issues : Opera was updated to version 63.0.3368.66 : - CHR-7525 Update chromium on desktop-stable-76-3368 to 76.0.3809.132 - DNA-74031 Download indicator doesnt match progress - DNA-77042 Something went wrong message in crypto wallet in private window -...

5.7AI score
Exploits0
CNVD
CNVD
added 2019/09/14 12:0 a.m.6 views

Override access vulnerability in Guojiz web site navigation system

Guojiz website navigation system is a navigation website source code system developed by PHP+MySQL. Guojiz website navigation system has an override access vulnerability that can be exploited by an attacker to change any user's password...

7.1AI score
Exploits0
CNVD
CNVD
added 2019/05/22 12:0 a.m.3 views

File Upload Vulnerability in Acme CMS

Acme CMS is a CMS builder using PHP + Mysql architecture, multi-language, responsive display, suitable for personal website construction. Acme CMS has a file upload vulnerability that can be exploited by attackers to gain server privileges...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/07/26 12:0 a.m.2 views

Code Execution Vulnerability in Gxlcms News System

Gxlcms News System is a news cms content management system developed in php+mysql. Gxlcms news system has a code execution vulnerability that can be exploited by an attacker to execute remote code...

7.9AI score
Exploits0
CNVD
CNVD
added 2016/12/16 12:0 a.m.4 views

Elevation of Privilege Vulnerability in the background of emlog personal blog system

Short for every memory log, emlog is a PHP and MySQL based blog and CMS builder. A privilege elevation vulnerability exists in the background /src/admin/data.php page of the emlog personal blog system. An attacker can exploit the vulnerability to elevate privileges by importing files...

7AI score
Exploits0
PyPA
PyPA
added 2015/06/02 2:59 p.m.8 views

PYSEC-2015-19

The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...

5CVSS7AI score0.01748EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/03/05 12:0 a.m.5 views

PHP address book has multiple SQL injection and multiple cross-site scripting vulnerabilities

PHP Address Book Address Book is a PHP development of a simple Web-based address book , contact management applications , support groups , addresses , e-mail , telephone numbers and birthday information ; can be exported to vCard and CSV , integrated with Gmail, Google and Yahoo maps , the databa...

4.3CVSS7.4AI score0.02398EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Sillaj time tracking tool Authentication Bypass

No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

bitweaver 2.8.1 - Multiple Vulnerabilities

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2012-016: Multiple Vulnerabilities in Bitweaver Published: 10/23/2012 Version: 1.0 Vendor: Bitweaver http://www.bitweaver.org/ Product: Bitweaver Version affected: 2.8.1 and earlier versions Product description: Bitweav...

5CVSS6.2AI score0.52477EPSS
Exploits10
Fedora
Fedora
added 2012/04/18 10:55 p.m.25 views

[SECURITY] Fedora 17 Update: gallery2-2.3.2-2.fc17

The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...

4.3CVSS3.3AI score0.01674EPSS
Exploits0
Packet Storm
Packet Storm
added 2010/07/13 12:0 a.m.30 views

Sillaj Time Tracking Tool SQL Injection

Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz: Topsecure.net, inj3ct...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2010/07/10 12:0 a.m.40 views

Sillaj time tracking tool - Authentication Bypass

Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz: Topsecure.net, inj3ct...

7.4AI score
Exploits0
OSV
OSV
added 2009/06/08 12:0 a.m.30 views

DSA-1813-1 evolution-data-server - several vulnerabilities

Bulletin has no description...

7.5CVSS6.2AI score0.03312EPSS
Exploits2
Fedora
Fedora
added 2008/06/20 7:15 p.m.36 views

[SECURITY] Fedora 9 Update: gallery2-2.2.5-1.fc9

The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...

7.5CVSS3.3AI score0.01698EPSS
Exploits0
Rows per page
Query Builder