
903 matches found

Cvelist
added 2020/11/05 1:18 a.m., 55 views

CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

9.2 AI score, 0.18461 EPSS
Exploits: 4, References: 4

Zero Science Lab
added 2020/10/18 12:00 a.m., 183 views

ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service

Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The device can be shutdown or rebooted by an unauthenticated attacke...

8.7 CVSS, 5.8 AI score, 0.00425 EPSS
Exploits: 1

NVD
added 2020/09/17 5:15 p.m., 25 views

CVE-2020-11804

An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request...

8.8 CVSS, 0.07107 EPSS
Exploits: 3, References: 5

Prion
added 2020/09/17 5:15 p.m., 16 views

Code injection

An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request...

6.5 CVSS, 8.7 AI score, 0.07107 EPSS
Exploits: 3, References: 5, Affected Software: 1

Cvelist
added 2020/09/17 4:26 p.m., 18 views

CVE-2020-11804

An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request...

8.9 AI score, 0.07107 EPSS
Exploits: 3, References: 5

Prion
added 2020/08/04 4:15 p.m., 16 views

Design/Logic Flaw

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539...

4 CVSS, 4.3 AI score, 0.00988 EPSS
Exploits: 0, References: 2, Affected Software: 2

CVE
added 2020/08/04 4:00 p.m., 45 views

CVE-2020-4410

CVE-2020-4410 affects IBM Jazz Foundation and IBM Engineering products, enabling an authenticated user to read attachments they should not access via a specially crafted HTTP GET request. Public details from IBM bulletin and CNVD corroborate an information-disclosure flaw in IBM Engineering Test ...

4.3 CVSS, 5.1 AI score, 0.00988 EPSS
Exploits: 0, References: 2, Affected Software: 2

OpenVAS
added 2020/08/03 12:00 a.m., 18 views

D-Link DAP-1522 Authentication Bypass Vulnerability (CVE-2020-15896)

The D-Link DAP-1522 is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPEPREFIX =...

7.5 CVSS, 7.7 AI score, 0.0172 EPSS
Exploits: 0, References: 2

0day.today
added 2020/07/23 12:00 a.m., 468 views

UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Vulnerability

Exploit for hardware platform in category web applications Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr...

7.1 AI score
Exploits: 0

Exploit DB
added 2020/07/23 12:00 a.m., 485 views

UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass

Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Date: 2020-07-23 Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr Affected version: Firmware 1.5.1 2013.01.3...

7.4 AI score
Exploits: 0

Packet Storm
added 2020/07/20 12:00 a.m., 443 views

UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation

UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Through Authorization Bypass Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr Affected version: Firmware 1.5.1 2013.01.3 Summary: Medivision is a service that provides everything from DID operatio...

0.3 AI score
Exploits: 0

NVD
added 2020/06/20 1:15 p.m., 15 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

9.8 CVSS, 0.01431 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2020/06/20 1:15 p.m., 33 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

9.8 CVSS, 7.2 AI score, 0.01431 EPSS
Exploits: 0, References: 2

Prion
added 2020/06/20 1:15 p.m., 17 views

Design/Logic Flaw

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

7.5 CVSS, 9.4 AI score, 0.01431 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/06/20 12:07 p.m., 18 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

9.4 AI score, 0.01431 EPSS
Exploits: 0, References: 1

NVD
added 2020/04/06 10:15 p.m., 12 views

CVE-2020-11590

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...

5.3 CVSS, 5.3 AI score, 0.00963 EPSS
Exploits: 1, References: 1

Prion
added 2020/04/06 10:15 p.m., 17 views

Design/Logic Flaw

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths...

5 CVSS, 5.3 AI score, 0.00963 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2020/04/06 10:15 p.m., 13 views

Cross site request forgery (csrf)

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...

5 CVSS, 5.3 AI score, 0.00963 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/04/06 9:34 p.m., 13 views

CVE-2020-11590

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...

5.4 AI score, 0.00963 EPSS
Exploits: 1, References: 1

0day.today
added 2020/03/10 12:00 a.m., 117 views

Nagios XI - Authenticated Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the serve...

9.3 AI score, 0.77741 EPSS
Exploits: 13