
7210 matches found

exploitpack
added 2018/01/21 12:0 a.m., 62 views

CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities

Document Title: CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1836
Release Date: 2018-01-19...

0.3 AI score
Exploits: 0
Packet Storm
added 2018/01/20 12:0 a.m., 41 views

CentOS Web Panel 0.9.8.12 Cross Site Scripting

Document Title: CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1835
Release Date: 2018-01-17
Vulnerability Laboratory ID (VL-ID):...

7.1 AI score
Exploits: 0
Vulnerability Lab
added 2018/01/17 12:0 a.m., 104 views

CentOS Web Panel v0.9.8.12 - CS Cross Site Vulnerabilities

Document Title: CentOS Web Panel v0.9.8.12 - CS Cross Site Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1835 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5961
CVE-ID: CVE-2018-5961
Release Date:...

4.3 CVSS, 6.5 AI score, 0.02681 EPSS
Exploits: 3
NVD
added 2018/01/14 4:29 a.m., 21 views

CVE-2018-5696

The iJoomla comadagency plugin 6.0.9 for Joomla! allows SQL injection via the advertiserstatus and statusselect parameters to index.php...

9.8 CVSS, 9.9 AI score, 0.01484 EPSS
Exploits: 3, References: 1
Prion
added 2018/01/12 9:29 a.m., 21 views

Design/Logic Flaw

Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter...

7.5 CVSS, 9.4 AI score, 0.02133 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2018/01/12 9:0 a.m., 20 views

CVE-2018-5377

Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter...

9.5 AI score, 0.02133 EPSS
Exploits: 0, References: 1
OSV
added 2018/01/10 5:29 p.m., 4 views

CVE-2017-16514

Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...

6.1 CVSS, 5.8 AI score, 0.00632 EPSS
Exploits: 0, References: 1
Debian CVE
added 2018/01/05 8:0 p.m., 14 views

CVE-2018-5249

Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php)...

6.1 CVSS, 6.2 AI score, 0.015 EPSS
Exploits: 0
CVE
added 2018/01/05 8:0 p.m., 42 views

CVE-2018-5249

Shaarli contains a Cross-site scripting (XSS) vulnerability in versions prior to 0.8.5 and 0.9.x prior to 0.9.3. An attacker can inject arbitrary code via the login form’s username field (the ban_canLogin parameter in index.php). The issue is addressed in Shaarli v0.9.3 and v0.8.5 releases refere...

6.1 CVSS, 6.1 AI score, 0.015 EPSS
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2017/12/30 4:29 a.m., 14 views

Server side request forgery (ssrf)

Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request...

3.5 CVSS, 5.2 AI score, 0.00537 EPSS
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2017/12/30 4:29 a.m., 12 views

Cross site request forgery (csrf)

Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=additiondeduction request...

3.5 CVSS, 5.2 AI score, 0.00537 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2017/12/30 4:29 a.m., 23 views

CVE-2017-17995

Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request...

5.4 CVSS, 5.3 AI score, 0.00537 EPSS
Exploits: 1, References: 1
NVD
added 2017/12/30 4:29 a.m., 15 views

CVE-2017-17989

Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action...

5.4 CVSS, 5.3 AI score, 0.00537 EPSS
Exploits: 1, References: 1
NVD
added 2017/12/30 4:29 a.m., 12 views

CVE-2017-17992

Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php formfilename parameter in a downloadform action...

9.8 CVSS, 9.4 AI score, 0.01744 EPSS
Exploits: 1, References: 1
Cvelist
added 2017/12/30 4:0 a.m., 15 views

CVE-2017-17989

Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action...

5.3 AI score, 0.00537 EPSS
Exploits: 1, References: 1
Cvelist
added 2017/12/30 4:0 a.m., 11 views

CVE-2017-17990

Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action...

8.8 AI score, 0.00505 EPSS
Exploits: 1, References: 1
Cvelist
added 2017/12/30 4:0 a.m., 13 views

CVE-2017-17991

Biometric Shift Employee Management System has XSS via the expensename parameter in an index.php?user=expenses request...

5.3 AI score, 0.00537 EPSS
Exploits: 1, References: 1
Cvelist
added 2017/12/30 4:0 a.m., 16 views

CVE-2017-17993

Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=additiondeduction request...

5.3 AI score, 0.00537 EPSS
Exploits: 1, References: 1
CVE
added 2017/12/30 4:0 a.m., 48 views

CVE-2017-17995

Biometric Shift Employee Management System is affected by a stored/reflected XSS via the Last_Name parameter in the index.php?user=ajax request. The issue, reported across multiple sources (NVD/CNVD/CVELIST, etc.), is caused by improper sanitization of user-supplied input leading to script inject...

5.4 CVSS, 5.2 AI score, 0.00537 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2017/12/30 4:0 a.m., 45 views

CVE-2017-17989

The vulnerability described for CVE-2017-17989 affects the Biometric Shift Employee Management System. The issue is a Cross-Site Scripting (XSS) flaw that can be triggered via the index.php holiday_name parameter in the edit_holiday action. According to the available data, this is the scope, with...

5.4 CVSS, 5.2 AI score, 0.00537 EPSS
Exploits: 1, References: 1, Affected Software: 1