Lucene search
K

1201 matches found

NVD
NVD
added 2018/06/26 4:29 p.m.22 views

CVE-2018-1000535

lms version = LMS011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e...

7.5CVSS7.5AI score0.01756EPSS
Exploits1References2
OSV
OSV
added 2018/06/26 4:29 p.m.13 views

CVE-2018-1000535

lms version = LMS011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e...

7.5CVSS7.7AI score
Exploits0References2
Prion
Prion
added 2018/06/26 4:29 p.m.9 views

Design/Logic Flaw

lms version = LMS011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e...

5CVSS7.5AI score0.01756EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/06/26 4:0 p.m.21 views

CVE-2018-1000535

lms version = LMS011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e...

7.5AI score0.01756EPSS
Exploits1References2
Prion
Prion
added 2018/06/12 6:29 p.m.12 views

Sql injection

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter...

7.5CVSS9.8AI score0.0104EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/06/12 6:29 p.m.17 views

CVE-2017-18289

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter...

9.8CVSS9.9AI score0.0104EPSS
Exploits1References1
Prion
Prion
added 2018/06/12 6:29 p.m.17 views

Sql injection

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter...

7.5CVSS9.8AI score0.0104EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/06/12 6:29 p.m.4 views

CVE-2017-18289

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter...

9.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2018/06/12 6:29 p.m.7 views

CVE-2017-18290

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sortdirection parameter...

9.8CVSS5.8AI score0.0104EPSS
Exploits1References1
Prion
Prion
added 2018/06/12 6:29 p.m.13 views

Sql injection

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter...

7.5CVSS9.8AI score0.0104EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/06/12 6:0 p.m.20 views

CVE-2017-18288

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter...

9.9AI score0.0104EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/06/12 6:0 p.m.19 views

CVE-2017-18291

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter...

9.9AI score0.0104EPSS
Exploits1References1
CVE
CVE
added 2018/06/12 6:0 p.m.45 views

CVE-2017-18288

The CVE-2017-18288 issue affects PvPGN Stats 2.4.6. A SQL injection exists in ladder/stats.php via the GET game parameter, due to insufficient input filtering in the code. This can allow an attacker to manipulate database queries, potentially accessing sensitive data. The connected Red Hat and CN...

9.8CVSS9.8AI score0.0104EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/06/11 10:29 a.m.12 views

CVE-2018-12090

There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

6.1CVSS6.2AI score0.02244EPSS
Exploits3References2
OSV
OSV
added 2018/06/11 10:29 a.m.2 views

CVE-2018-12090

There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

6.1CVSS5.8AI score0.02244EPSS
Exploits3References2
Prion
Prion
added 2018/06/11 10:29 a.m.11 views

Cross site scripting

There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

4.3CVSS6.2AI score0.02244EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2018/06/11 10:0 a.m.54 views

CVE-2018-12090

LAMS prior to 3.1 is affected by an unauthenticated reflected XSS that allows injection of arbitrary JavaScript via an unsanitized GET parameter in forgotPasswordChange.jsp?key=. This is triggered through remote access without authentication; impact is confined to script execution in the victim’s...

6.1CVSS6.2AI score0.02244EPSS
Exploits3References2Affected Software1
NVD
NVD
added 2018/06/07 2:29 a.m.14 views

CVE-2018-3735

bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template...

6.1CVSS6.1AI score0.00819EPSS
Exploits1References1
OSV
OSV
added 2018/06/07 2:29 a.m.4 views

CVE-2018-3735

bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template...

6.1CVSS5.8AI score0.00819EPSS
Exploits1References1
Prion
Prion
added 2018/06/07 2:29 a.m.11 views

Cross site scripting

bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template...

4.3CVSS6AI score0.00819EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder