Lucene search

179 matches found

Cvelist
added 2017/10/16 4:0 a.m., 29 views

CVE-2017-15374

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

6.3 AI score, 0.04812 EPSS
Exploits: 7, References: 2
exploitpack
added 2017/10/12 12:0 a.m., 10 views

E-Sic Software livre CMS - Cross Site Scripting

E-Sic Software livre CMS - Cross Site Scripting Exploit Title: E-Sic Software livre CMS - Cross Site Scripting Date: 12/10/2017 Exploit Author: Elber Tavares fireshellsecurity.team/ Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox...

Exploits: 0
OSV
added 2017/01/09 8:59 a.m., 4 views

DEBIAN-CVE-2016-10124

An issue was discovered in Linux Containers LXC before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container...

8.6 CVSS, 7 AI score, 0.01531 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2016/11/14 12:21 p.m., 8 views

policycoreutils: SELinux sandbox escape via TIOCSTI ioctl

It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox...

8.8 CVSS, 7.6 AI score, 0.00382 EPSS
Exploits: 0, References: 4
CNVD
added 2016/08/03 12:0 a.m., 9 views

Multiple Lenovo products remotely vulnerable

Lenovo Wireless Mouse Black and others are among the products in the wireless desktop kit that includes a mouse and keyboard from the Chinese company Lenovo. A remote security vulnerability exists in several Lenovo products, which can be exploited by an attacker to inject keyboard input via the...

6.5 CVSS, 6.9 AI score, 0.01023 EPSS
Exploits: 0, References: 1
OSV
added 2016/08/02 2:59 p.m., 3 views

CVE-2016-6257

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...

6.5 CVSS, 5.8 AI score, 0.01023 EPSS
Exploits: 0, References: 4
Cvelist
added 2016/08/02 2:0 p.m., 18 views

CVE-2016-6257

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...

6.6 AI score, 0.01023 EPSS
Exploits: 0, References: 4
CNVD
added 2015/07/28 12:0 a.m., 2 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2015-05009)

WordPress is a blogging platform developed using the PHP language. Versions of WordPress prior to 4.2.3 have a cross-site scripting vulnerability in the implementation that allows users with Contributor or Author privileges to exploit this vulnerability to embed well-constructed HTML, JavaScript,...

6.3 AI score
Exploits: 0, References: 1
Hacker One
added 2015/01/18 10:18 a.m., 36 views

Vimeo: Application XSS filter function Bypass may allow Multiple stored XSS

Hi, As I analysed the application behavior and the security structure, I found out that the application is using "Greedy XSS Regex filter" against XSS and removes any the whole string from ''. So I tried some basic bypass which allowed me to insert tags and other characters into the string. Here ...

5.8 AI score
Exploits: 0
OSV
added 2014/11/24 12:0 a.m., 4 views

UBUNTU-CVE-2014-7817

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$..."...

4.6 CVSS, 7.4 AI score, 0.00578 EPSS
Exploits: 0, References: 4
OSV
added 2013/12/21 12:55 a.m., 3 views

UBUNTU-CVE-2013-7082

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...

4.3 CVSS, 5.9 AI score, 0.01187 EPSS
Exploits: 0, References: 3
w3af
added 2013/06/10 11:2 p.m., 44 views

eval

This plugin finds eval input injection vulnerabilities. These vulnerabilities are found in web applications when the developer passes user-controlled data to the eval function. To check for vulnerabilities of this kind, the plugin sends an echo function with two randomized strings as parameters...

Exploits: 0
Packet Storm
added 2012/08/25 12:0 a.m., 25 views

Power-IT CMS Cross Site Scripting

Exploit Title: Power-IT Cms Cross Site Scripting Vulnerability Google Dork: intext:"Powered by PowerIT" Date: 08/24/2012 Author: Crim3R Vendor Home : http://www.poweritschools.com/ Tested on: all ====================================== POST DATA /Host: www.ceca-ct.org User-Agent: Mozilla/5.0 Windo...

Exploits: 0
exploitpack
added 2010/12/24 12:0 a.m., 9 views

SquareCMS 0.3.1 - post.php SQL Injection

SquareCMS 0.3.1 - post.php SQL Injection SquareCMS 0.3.1 post.php Remote SQL Injection Vulnerability found by cOndemned vendor: http://spoolio.co.cc/ download: http://webscripts.softpedia.com/script/Content-Management/Square-CMS-66303.html prior versions may also be affected source of post.php...

0.3 AI score
Exploits: 0
exploitpack
added 2010/06/24 12:0 a.m., 18 views

Lois Software WebDB 2.0A Script - Multiple SQL Injections

Lois Software WebDB 2.0A Script - Multiple SQL Injections source: https://www.securityfocus.com/bid/41124/info Lois Software WebDB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issu...

8.1 AI score
Exploits: 0
Packet Storm
added 2009/08/06 12:0 a.m., 22 views

Perl$hop E-Commerce Input Injection

A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...

7.4 AI score
Exploits: 0
OSV
added 2007/10/19 11:17 p.m., 6 views

CVE-2007-5589

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in...

5.5 AI score
Exploits: 0, References: 17
securityvulns
added 2006/04/13 12:0 a.m., 74 views

PatroNet CMS Xss Vuln

----------------------------------- PatroNet CMS Xss Vuln ----------------------------------- Site : http://www.patronet.hu/ Bug : http://victim/"scriptalert/Soot//script ----------------------------------- Source : http://soot.shabgard.org/bugs/PatroNet-CMS.txt Credit : Soot Shabgard Security Te...

7.2 AI score
Exploits: 0
NVD
added 2004/11/23 5:0 a.m., 25 views

CVE-2004-0248

Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum...

6.8 CVSS, 6.5 AI score, 0.0149 EPSS
Exploits: 1, References: 5