Lucene search
K

1201 matches found

Prion
Prion
added 2017/02/21 7:59 a.m.13 views

Sql injection

A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/lists/view-list.php Requires authentication to Wordpress admin with the GET Parameter: filterlist...

6.5CVSS7.8AI score0.05217EPSS
Exploits7References3Affected Software1
NVD
NVD
added 2017/02/21 7:59 a.m.24 views

CVE-2017-6096

A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/lists/view-list.php Requires authentication to Wordpress admin with the GET Parameter: filterlist...

7.2CVSS7.4AI score0.05217EPSS
Exploits7References3
exploitpack
exploitpack
added 2017/02/18 12:0 a.m.87 views

WordPress Plugin Mail Masta 1.0 - SQL Injection

WordPress Plugin Mail Masta 1.0 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in Mail Masta aka mail-masta plugin 1.0 for Wordpress. Date: 02/18/2017 Exploit Author: Hanley Shun Vendor Homepage: https://wpcore.com/plugin/mail-masta Software Link:...

7.5CVSS0.5AI score0.05643EPSS
Exploits10
NVD
NVD
added 2017/02/14 6:59 a.m.18 views

CVE-2016-10223

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in...

5.4CVSS5.7AI score0.0051EPSS
Exploits0References2
Prion
Prion
added 2017/02/14 6:59 a.m.11 views

Design/Logic Flaw

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in...

3.5CVSS7.3AI score0.0051EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/02/12 4:59 a.m.17 views

Authorization

An issue was discovered in contextswurfl for TYPO3 before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "forceua" HTTP GET parameter passed to the "/contextswurfl/Library/wurfl-dbapi-1.4.4.0/checkwurfl.php" URL. An attacker could execute arbitrary HTM...

4.3CVSS6.4AI score0.00761EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/02/12 4:59 a.m.13 views

CVE-2017-5961

An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tinymce/plugins/codemirror/dialog.php" URL. An attacker could execu...

6.1CVSS6.4AI score0.00985EPSS
Exploits1References2
Prion
Prion
added 2017/02/10 7:59 a.m.16 views

Authorization

An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodllaudiourl" HTTP GET parameter passed to the "filterpoodllmoodle322016112802/poodll/mp3recorderskins/brazil/index.php" URL. An...

4.3CVSS6.4AI score0.00874EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2016/12/19 12:0 a.m.4 views

Arbitrary File Deletion Vulnerability in MOMOCMS

MoMoCMS is an enterprise building system developed by php+MySQL. An arbitrary file deletion vulnerability exists in the MOMOCMS 'unlink' function. Due to obtaining the within to be deleted via $GET'file' allows an attacker to delete database files backed up by the administrator...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/12/13 12:0 a.m.37 views

Smart Guard Network Manager 6.3.2 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SQL Injection In Smart Guard Network Manager Api Date: 03/12/2016 Exploit Author: Rahul Raz Vendor Homepage: http://www.xsinfoways.com/ Software Name: Smart Guard Network Manager Version: 6.3.2 Tested on: Ubuntu Linux...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2016/11/30 12:0 a.m.11 views

WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion

WordPress Plugin WP Vault 0.8.6.6 - Local File Inclusion Exploit Title: WP Vault 0.8.6.6 – Plugin WordPress – Local File Inclusion Date: 28/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/wp-vault/ Software Link: https://wordpress.org/plugins/wp-vault/ Contact:...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2016/09/19 12:0 a.m.54 views

MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities

MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet and...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/09/19 12:0 a.m.46 views

MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities

Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2016/07/14 12:48 a.m.32 views

CVE-2016-6209

A user supplied GET parameter is used to create the value used as the src value of an iframe displayed on all pages. It allows for CSRF and javascript insertion techniques among others. An attacker could forge a malicious URL that could include javascript execution in the main browser frame...

6.1CVSS1.4AI score0.01788EPSS
Exploits0References1
seebug.org
seebug.org
added 2016/05/14 12:0 a.m.15 views

图腾软件图书管理系统 /SearchJournalByChar.aspx?QU=0 存在sql注入

漏洞发生在 /SearchJournalByChar.aspx?QU=0 GET参数QU存在报错注入 后台数据库是oracle 测试:...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/05/11 5:15 p.m.33 views

Mail.ru: SQL Injection

Добрый день. Из за недостаточной фильтрации GET параметра "email" можно провести атаку типа SQL Injection. Вектор атаки - Error based. PoC вывод версии СУБД https://townwars.mail.ru/?c=Login2&m=Auth&email=1'+and+1=select+version::bigint--&pass=test&saveme=0&origin=0&target=WwwForum вывод данных в...

7.8AI score
Exploits0
CNVD
CNVD
added 2016/05/06 12:0 a.m.1 views

EasyDNNnews Reflective Cross-Site Scripting Vulnerability

EasyDNNnews is a DotNetNuke tool that enables unskilled users to publish as well as manage articles and news. A reflected cross-site scripting vulnerability exists in EasyDNNnnews due to JavaScript being included in the GET parameter name. This allows attackers to exploit the vulnerability to...

6.4AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/04/04 3:35 p.m.32 views

Moderate: Red Hat Security Advisory: spacewalk-java security update

An update for spacewalk-java is now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

6.1CVSS6.2AI score0.01578EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2016/04/04 3:35 p.m.5 views

5: stored and reflected XSS vulnerabilities

Multiple cross-site scripting XSS flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users...

6.1CVSS6.2AI score0.01175EPSS
Exploits0References4
wpexploit
wpexploit
added 2016/03/22 12:0 a.m.9 views

Memphis Document Library Plugin <= 3.1.5 - Arbitrary File Download

The function "mdocsimgpreview" is in charge of downloading image previews previously uploaded by the administrator, but it does not sanitize the file path being downloaded, thus, allowing to download arbitrary files in the file system. The vulnerable GET parameter is "mdocs-img-preview". The...

0.9AI score
Exploits0References1
Rows per page
Query Builder