235 matches found

CVE
added 2020/03/23 7:31 p.m. | 1084 views

CVE-2020-5722

The Grandstream UCM6200 series (UCM62xx) is affected by CVE-2020-5722: an unauthenticated remote SQL injection via crafted HTTP requests in the HTTP interface, with potential to execute shell commands as root on versions before 1.0.19.20 and to inject HTML in password recovery emails on versions ...

10 CVSS | 9.9 AI score | 0.83646 EPSS
In wild | Exploits 8 | References 4 | Affected Software 1
Packet Storm
added 2020/03/02 12:0 a.m. | 134 views

Wing FTP Server 6.2.3 Privilege Escalation

Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-02 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link: https://www.wftpserver.com/download/wftpserver-linux-64bit.tar.gz Version: v6.2.3 Tested...

0.6 AI score | 0.00807 EPSS
Exploits 7
0day.today
added 2020/03/02 12:0 a.m. | 118 views

Wing FTP Server 6.2.3 - Privilege Escalation Exploit

Exploit Title: Wing FTP Server 6.2.3 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-02 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link: https://www.wftpserver.com/download/wftpserver-linux-64bit.tar.gz Version: v6.2.3 Tested...

7.8 CVSS | 0.5 AI score | 0.00807 EPSS
Exploits 7
Hacker One
added 2020/02/14 4:28 a.m. | 37 views

Ubiquiti Inc.: Readonly to Root Privilege Escalation on EdgeSwitch

An authenticated read-only user can execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for these vulnerabilities was included in the...

9 CVSS | 1.9 AI score | 0.04419 EPSS
Exploits 0
CNVD
added 2020/02/12 12:0 a.m. | 2 views

VideoLAN VLC Media Player Cross-Site Scripting Vulnerability (CNVD-2020-08120)

VideoLAN VLC media player is a free, open-source, cross-platform multimedia player and multimedia framework from the VideoLAN organization in France. The product supports playback of a variety of media files, CD-ROMs, etc., and a variety of audio and video formats such as WMV and MP3. A cross-site...

6.1 CVSS | 6.4 AI score | 0.01544 EPSS
Exploits 1 | References 1
CNVD
added 2020/02/04 12:0 a.m. | 1 views

HashiCorp Consul HTTP/RPC services Denial of Service Vulnerability

HashiCorp Consul is a service mesh solution for service discovery and runtime configuration of microservice applications and infrastructure. A security vulnerability exists in HashiCorp Consul and Consul Enterprise versions 1.6.2 and earlier. An attacker could exploit the vulnerability to caus...

7.5 CVSS | 8.7 AI score | 0.0196 EPSS
Exploits 0 | References 1
NVD
added 2020/01/31 10:15 p.m. | 17 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS | 6.3 AI score | 0.01544 EPSS
Exploits 1 | References 4
OSV
added 2020/01/31 10:15 p.m. | 4 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS | 6.2 AI score
Exploits 0 | References 5
UbuntuCve
added 2020/01/31 10:15 p.m. | 35 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS | 6.4 AI score | 0.01544 EPSS
Exploits 1 | References 2
Prion
added 2020/01/31 10:15 p.m. | 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

4.3 CVSS | 6.2 AI score | 0.01544 EPSS
Exploits 1 | References 4 | Affected Software 2
OSV
added 2020/01/31 10:15 p.m. | 0 views

UBUNTU-CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS | 6.5 AI score | 0.01544 EPSS
Exploits 1 | References 3
CVE
added 2020/01/31 9:39 p.m. | 166 views

CVE-2013-3565

CVE-2013-3565 affects VideoLAN VLC Media Player through its HTTP Interface, with multiple XSS vulnerabilities in the web UI. Versions prior to 2.0.7 are affected. An attacker can craft requests to the HTTP endpoints (requests/vlm_cmd.xml, requests/browse.xml) or include a URI in a request, which ...

6.1 CVSS | 6.1 AI score | 0.01544 EPSS
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2020/01/31 9:39 p.m. | 24 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.2 AI score | 0.01544 EPSS
Exploits 1 | References 4
Debian CVE
added 2020/01/31 9:39 p.m. | 16 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS | 6.3 AI score | 0.01544 EPSS
Exploits 1
NVD
added 2019/07/02 8:15 p.m. | 9 views

CVE-2017-8405

An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be...

7.5 CVSS | 7.4 AI score | 0.02656 EPSS
Exploits 1 | References 3
OSV
added 2019/04/30 9:29 p.m. | 3 views

CVE-2019-3927

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

9.8 CVSS | 7.3 AI score | 0.02167 EPSS
Exploits 1 | References 1
Prion
added 2019/04/30 9:29 p.m. | 13 views

Design/Logic Flaw

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

5 CVSS | 9.6 AI score | 0.02167 EPSS
Exploits 1 | References 1 | Affected Software 2
NVD
added 2019/04/30 9:29 p.m. | 17 views

CVE-2019-3927

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

9.8 CVSS | 9.7 AI score | 0.02167 EPSS
Exploits 1 | References 1
CVE
added 2019/04/30 8:15 p.m. | 55 views

CVE-2019-3927

CVE-2019-3927 concerns Crestron AM-100 (firmware 1.6.0.2) and AM-101 (firmware 2.7.0.2). The issue allows anyone to change the administrator or moderator passwords via the OIDs iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2, enabling a remote, unauthenticated attacker to gain a...

9.8 CVSS | 9.5 AI score | 0.02167 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2019/04/30 8:15 p.m. | 18 views

CVE-2019-3927

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

9.7 AI score | 0.02167 EPSS
Exploits 1 | References 1