Lucene search
K

138 matches found

OSV
OSV
added 2020/01/15 9:15 p.m.5 views

CVE-2019-15012

Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0...

8.8CVSS6.1AI score0.01598EPSS
Exploits0References1
Prion
Prion
added 2020/01/15 9:15 p.m.15 views

Remote code execution

Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0...

6.5CVSS9AI score0.01598EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/07/09 12:0 a.m.2 views

MiniCMS Cross-Site Scripting Vulnerability (CNVD-2019-23979)

MiniCMS is a content management system CMS designed for personal websites. A cross-site scripting vulnerability exists in the mc-admin/post-edit.php file in MiniCMS version 1.10. The vulnerability stems from the lack of proper validation of client-side data by the WEB application. An attacker can...

4.8CVSS6.4AI score0.00622EPSS
Exploits1References1
0day.today
0day.today
added 2019/04/15 12:0 a.m.65 views

DirectAdmin 1.561 - Multiple Vulnerabilities

Exploit for php platform in category web applications Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 email protected && infinitumit.com.tr Description: Multipl...

0.2AI score0.02094EPSS
Exploits5
OpenVAS
OpenVAS
added 2019/02/05 12:0 a.m.64 views

Gitea < 1.6.3 Improper Access Control Vulnerability

Gitea is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitea:gitea"; if...

6.5CVSS6.5AI score0.01107EPSS
Exploits0References2
NVD
NVD
added 2019/02/04 9:29 p.m.14 views

CVE-2019-1000002

Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...

6.5CVSS6.5AI score0.01107EPSS
Exploits0References1
Prion
Prion
added 2019/02/04 9:29 p.m.14 views

Improper access control

Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...

5.5CVSS6.6AI score0.01107EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2018/11/16 12:0 a.m.355 views

Budabot 4.0 Denial Of Service

4.0 Tested on: 4.0 CVE: CVE-2018-19290 1. Description In modules/HELPBOTMODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified...

9.7AI score0.04048EPSS
Exploits6
OSV
OSV
added 2018/10/29 12:29 p.m.3 views

CVE-2016-10732

ProjectSend formerly cFTP r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...

9.8CVSS5.8AI score0.01855EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/16 12:0 a.m.3 views

Z-BlogPHP Arbitrary PHP Code Execution Vulnerability

Z-BlogPHP is an open source PHP-based blog system developed by the Z-Blog community. plugin upload component is one of the plugin upload components. A security vulnerability exists in the plugin upload component in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sendi...

7.2CVSS7.7AI score0.01226EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/10 12:0 a.m.2 views

LabWiki Arbitrary PHP File Upload Vulnerability

LabWiki is a meme plugin. A security vulnerability exists in the edit.php file in LabWiki 1.1 and earlier versions, which stems from the program failing to properly validate uploaded user files. A remote attacker can exploit this vulnerability to upload arbitrary PHP files...

8.8CVSS7.2AI score0.05842EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/12 12:0 a.m.2 views

TYPO3 CMS Edit File Metadata Access Bypass Vulnerability

TYPO3 is a free and open source content management system. A security vulnerability in the TYPO3 CMS edit file metadata allows remote attackers to bypass security restrictions and perform unauthorized operations...

6.9AI score
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

autositephp 2.0.3 (lfi/csrf/edit file) Multiple Vulnerabilities

No description provided by source. + AutositePHP v2.0.3 LFI/CSRF/Edit File Multiple Remote Vulnerabilities + Discovered By SirGod + Greetz : All my friends + Download Script : http://sourceforge.net/projects/autositephp/ + Local File Inclusion PoC 1 : http://target/path/index.php?page=users/Local...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2011/02/24 12:0 a.m.13 views

iOS myDBLite 1.1.10 - Directory Traversal

iOS myDBLite 1.1.10 - Directory Traversal Exploit Title : myDBLite v1.1.10 for iPhone / iPod touch, Directory Traversal Date: 02/24/2011 Author: R3d@l3rt, Sp@2K, Sp@2K, Sunlight, H@ckk3y Software Link: http://itunes.apple.com/kr/app/mydb-lite/id335521112?mt=8 Version: 1.1.10 Tested on: iPhone, iP...

0.1AI score
Exploits0
Prion
Prion
added 2009/01/06 5:30 p.m.18 views

Directory traversal

Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the editfile parameter...

5.1CVSS7.3AI score0.02048EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2008/12/15 12:0 a.m.17 views

AutositePHP 2.0.3 (LFI/CSRF/Edit File) Multiple Remote Vulnerabilities

No description provided by source. + AutositePHP v2.0.3 LFI/CSRF/Edit File Multiple Remote Vulnerabilities + Discovered By SirGod + Greetz : All my friends + Download Script : http://sourceforge.net/projects/autositephp/ + Local File Inclusion PoC 1 : http://target/path/index.php?page=users/Local...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/12/14 12:0 a.m.25 views

autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File

AutositePHP v2.0.3 LFI/CSRF/Edit File Multiple Remote Vulnerabilities + Discovered By SirGod + Greetz : All my friends + Download Script : http://sourceforge.net/projects/autositephp/ + Local File Inclusion PoC 1 : http://target/path/index.php?page=users/Local File Example 1 :...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/11/27 12:0 a.m.28 views

SimpleBlog &lt;= 2.3 (admin/edit.asp) Remote SQL Injection Vulnerability

No description provided by source. Title : simpleblog = v 2.3 /admin/edit.asp Remote SQL Injection Vulnerability Author : bolivar Dork : "SimpleBlog 2.3 by 8pixel.net" ---------------------------------------------------------------------------...

7.1AI score
Exploits0
Rows per page
Query Builder