Lucene search
K

321 matches found

seebug.org
seebug.org
added 2017/03/06 12:0 a.m.39 views

Joomla! Component OneVote! v1.0 - SQL Injection

Joomla! Component OneVote! v1. 0 - SQL Injection results. in php electionid parameters into the SQL statement exist GET the type of injection Injection point: http://localhost/PATH/components/comonevote/results. php? electionid=SQL union injected payload: +/! 50000union/+select+@@version-- - Test...

7.5AI score
Exploits0
CNVD
CNVD
added 2017/02/23 12:0 a.m.6 views

Munin Local File Write Vulnerability

Munin is a set of network resource monitoring tools. The tool monitors core system resources including memory, disk, CPU usage, server applications and more. A local file write vulnerability exists in Munin versions prior to 2.999.6. An attacker can exploit the vulnerability by setting multiple...

5.5CVSS6.8AI score0.00421EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2017/02/22 7:0 p.m.26 views

CVE-2017-6188

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upperlimit GET parameters allows overwriting any file accessible to the www-data user...

5.5CVSS5.3AI score0.00421EPSS
Exploits0
Prion
Prion
added 2017/02/12 4:59 a.m.13 views

Authorization

An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...

4.3CVSS6.4AI score0.00977EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/02/12 4:43 a.m.21 views

CVE-2017-5960

An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...

6.5AI score0.00977EPSS
Exploits1References2
CVE
CVE
added 2017/02/12 4:43 a.m.56 views

CVE-2017-5960

CVE-2017-5960 affects Phalcon Eye up to version 0.4.1. The issue stems from insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php, enabling an attacker to cause the browser to execute arbitra...

6.1CVSS6.4AI score0.00977EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2016/10/28 3:59 p.m.3 views

CVE-2016-8583

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...

6.1CVSS5.8AI score0.00641EPSS
Exploits1References2
Prion
Prion
added 2016/10/28 3:59 p.m.13 views

Cross site scripting

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...

4.3CVSS7AI score0.00641EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2016/10/28 3:0 p.m.25 views

CVE-2016-8583

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...

6.2AI score0.00641EPSS
Exploits1References2
Hacker One
Hacker One
added 2016/10/26 7:47 p.m.15 views

Mail.ru: [hs.mail.ru] CRLF Injection / XSS

CRLF injection via GET parameters in hs.mail.ru. hs.mail.ru is not currently covered with bug bounty program...

4.5AI score
Exploits0
seebug.org
seebug.org
added 2016/09/20 12:0 a.m.18 views

Mastery OA /general/ems/manage/search_excel. php file SQL injection vulnerabilities

Width byte injection occurs the position is that PHP sends a request to the MYSQL character set to use the charactersetclient setting a value for an encoding, the GET parameters if it contains“%df%27”, addslashes encoded into‘\’ variable“%df%5c%27”, in MySQL in the processing use the gbk characte...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/09/19 12:0 a.m.41 views

MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities

Exploit for asp platform in category web applications Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/07/11 8:45 p.m.70 views

OLX: Reflected XSS in www.olx.ph

Summary === The www.olx.ph domain is vulnerable to reflected XSS through the search function. Proof of concept === The following URL contains a harmless XSS vector, which causes an alert box to appear...

6AI score
Exploits0
Hacker One
Hacker One
added 2016/04/26 6:34 a.m.43 views

Automattic: WordPress Flash XSS in *flashmediaelement.swf*

Intro == WordPress is vulnerable against a reflected XSS that stems from an insecure URL sanitization problem performed in the file flashmediaelement.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do so, enabling XSS via...

6.1AI score
Exploits0
CNVD
CNVD
added 2016/04/24 12:0 a.m.5 views

modified eCommerce SQL Injection Vulnerability

modified eCommerce is an open source store software. Modified eCommerce suffers from a SQL injection vulnerability due to the easybillcsv.php file failing to adequately filter the 'ordersstatus' and 'customersstatus ' GET parameters, allowing remote attackers to submit specially crafted SQL queri...

9.8CVSS8.1AI score0.0373EPSS
Exploits5References1
CNVD
CNVD
added 2016/04/06 12:0 a.m.5 views

Red Hat Network Satellite Cross-Site Scripting Vulnerability (CNVD-2016-01992)

Red Hat Network Satellite RHN Satellite, Red Hat Network Satellite is a set of system management platforms from the American company Red Hat Red Hat. The platform can be used to extend the Linux infrastructure and provide system management functions such as administration, configuration and...

6.1CVSS6AI score0.01175EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/13 12:0 a.m.62 views

Multiple SQL Injection Vulnerabilities in mccart.xls Bitrix Module

Multiple SQL injection vulnerabilities exist in the mccart.xls Bitrix module. Multiple SQL injection vulnerabilities exist in the Bitrix module due to the "xlsprofile" HTTP GET parameter passed to the "/bitrix/admin/mcartxlsimport.php" script; the "/bitrix/admin/mcartxlsimport.php" script; the...

8CVSS8.4AI score0.02731EPSS
Exploits5References1
CNVD
CNVD
added 2015/06/26 12:0 a.m.4 views

Cisco WebEx Meeting Center Information Disclosure Vulnerability (CNVD-2015-04037)

Cisco WebEx Meetings Server is a Cisco meeting center implementation from Cisco. Cisco WebEx Meetings Server fails to properly handle GET parameters, allowing remote attackers to exploit the vulnerability by submitting special requests to obtain sensitive information...

5CVSS6.8AI score0.02628EPSS
Exploits0References1
Zero Science Lab
Zero Science Lab
added 2015/01/07 12:0 a.m.18 views

Zurmo CRM 2.8.5 Multiple Reflected Cross-Site Scripting Vulnerabilities

Summary Zurmo is an Open Source Customer Relationship Management CRM application that is mobile, social, and gamified. Description Zurmo CRM suffers from multiple reflected cross-site scripting vulnerabilities. The issues are triggered when input passed via several GET parameters to several scrip...

6AI score
Exploits0
Metasploit
Metasploit
added 2014/03/28 9:5 p.m.43 views

JBoss Status Servlet Information Gathering

This module queries the JBoss status servlet to collect sensitive information, including URL paths, GET parameters and client IP addresses. This module has been tested against JBoss 4.0, 4.2.2 and 4.2.3. This module requires Metasploit: https://metasploit.com/download Current source:...

5CVSS8AI score0.53728EPSS
Exploits9
Rows per page
Query Builder