
1284 matches found

UbuntuCve
added 2014/11/24 11:59 a.m., 16 views

CVE-2014-7848

lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...

CVSS 5, AI score 5.9, EPSS 0.02118
Exploits 0, References 2

Cvelist
added 2014/11/24 11:0 a.m., 25 views

CVE-2014-7848

lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...

AI score 5.9, EPSS 0.02118
Exploits 0, References 4

NVD
added 2014/11/20 1:55 p.m., 14 views

CVE-2014-8997

Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/...

CVSS 7.5, AI score 7.7, EPSS 0.09133
Exploits 1, References 3

Prion
added 2014/11/20 1:55 p.m., 11 views

Unrestricted file upload

Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/...

CVSS 7.5, AI score 8.2, EPSS 0.09133
Exploits 1, References 3, Affected Software 1

Prion
added 2014/11/05 11:55 a.m., 15 views

Authentication flaw

The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL...

CVSS 7.5, AI score 7.5, EPSS 0.01802
Exploits 0, References 2, Affected Software 1

Prion
added 2014/11/01 10:55 a.m., 19 views

Design/Logic Flaw

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...

CVSS 3.3, AI score 7.5, EPSS 0.01204
Exploits 1, References 1, Affected Software 10

Cvelist
added 2014/10/23 2:0 p.m., 20 views

CVE-2014-8072

The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin...

AI score 5.9, EPSS 0.0176
Exploits 2, References 3

ATTACKERKB
added 2014/09/12 2:55 p.m., 4 views

CVE-2014-2009

The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log...

CVSS 5, AI score 5.5, EPSS 0.0741
Exploits 5, References 7

Prion
added 2014/09/11 3:55 p.m., 14 views

Unrestricted file upload

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/...

CVSS 6.5, AI score 7.8, EPSS 0.7089
Exploits 11, References 8, Affected Software 1

Prion
added 2014/09/11 2:16 p.m., 15 views

Unrestricted file upload

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it i...

CVSS 7.5, AI score 7.9, EPSS 0.10024
Exploits 3, References 6, Affected Software 1

NVD
added 2014/09/04 5:55 p.m., 32 views

CVE-2014-5377

ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request...

CVSS 5, AI score 6.4, EPSS 0.57475
Exploits 8, References 10

Prion
added 2014/09/04 5:55 p.m., 25 views

Server side request forgery (ssrf)

ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request...

CVSS 5, AI score 6.9, EPSS 0.57475
Exploits 8, References 10, Affected Software 1

Cvelist
added 2014/09/04 5:0 p.m., 40 views

CVE-2014-5377

ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request...

AI score 6.4, EPSS 0.57475
Exploits 8, References 10

WPVulnDB
added 2014/08/01 10:59 a.m., 11 views

Feather12 - Multiple Script Direct Request Path Disclosure

The feather12 WordPress theme was affected by a Multiple Script Direct Request Path Disclosure security vulnerability...

AI score 1.5
Exploits 0, References 1, Affected Software 1

WPVulnDB
added 2014/08/01 10:59 a.m., 15 views

Studio Zen - Multiple Script Direct Request Path Disclosure

The studiozen WordPress theme was affected by a Multiple Script Direct Request Path Disclosure security vulnerability...

AI score 6.9
Exploits 0, References 1, Affected Software 1

WPVulnDB
added 2014/08/01 10:59 a.m., 6 views

Imperial Fairytale - Multiple Script Direct Request Path Disclosure

The imperial-fairytale WordPress theme was affected by a Multiple Script Direct Request Path Disclosure security vulnerability...

AI score 2
Exploits 0, References 1, Affected Software 1

WPVulnDB
added 2014/08/01 10:59 a.m., 212 views

Paid Memberships Pro 1.4.7 - adminpages/memberslist-csv.php Direct Request Member Personal Information Disclosure

The Paid Memberships Pro WordPress plugin was affected by an adminpages/memberslist-csv.php Direct Request Member Personal Information Disclosure security vulnerability...

AI score 2
Exploits 0, Affected Software 1

WPVulnDB
added 2014/08/01 10:59 a.m., 11 views

Dewplayer <= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness

The dewplayer-flash-mp3-player WordPress plugin was affected by a dewplayer.php Direct Request Path Disclosure Weakness security vulnerability...

AI score 1.3
Exploits 0, References 1, Affected Software 1

WPVulnDB
added 2014/08/01 10:59 a.m., 8 views

Q and A - Multiple Scripts Direct Request Path Disclosure

The q-and-a WordPress plugin was affected by a Multiple Scripts Direct Request Path Disclosure security vulnerability...

AI score 1.6
Exploits 0, Affected Software 1

WPVulnDB
added 2014/08/01 10:59 a.m., 12 views

Spam Free Plugin 1.9.2 - Multiple Script Direct Request Path Disclosure

The Spam Free WordPress WordPress plugin was affected by a Multiple Script Direct Request Path Disclosure security vulnerability...

AI score 1.5
Exploits 0, References 1, Affected Software 1