Lucene search
K

76 matches found

NVD
NVD
added 2018/10/24 10:29 p.m.44 views

CVE-2018-18551

ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, groupdelete.html group parameter, reportsave.html query parameter, sensors.html...

6.1CVSS6.1AI score0.01058EPSS
Exploits3References2
OSV
OSV
added 2018/10/24 10:29 p.m.7 views

CVE-2018-18551

ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, groupdelete.html group parameter, reportsave.html query parameter, sensors.html...

6.1CVSS5.8AI score0.01058EPSS
Exploits3References2
Openbugbounty
Openbugbounty
added 2016/08/07 11:59 a.m.10 views

festicket.com XSS vulnerability

Vulnerable URL: https://www.festicket.com/festivals/?location=...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/06/12 6:16 p.m.12 views

holidaybeddings.com XSS vulnerability

Vulnerable URL: http://holidaybeddings.com/search.php?location=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3Eproptype=minarea=maxarea=bedrooms=bathrooms=minprice=maxprice= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:|...

6.3AI score
Exploits0
Prion
Prion
added 2015/06/18 6:59 p.m.15 views

Directory traversal

Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource...

5CVSS7AI score0.17681EPSS
Exploits5References3Affected Software1
CNVD
CNVD
added 2015/04/16 12:0 a.m.3 views

OrangeHRM /index.php/leave/getFilteredEmployeeCountAjax location SQL Injection Vulnerability

OrangeHRM is an open source human resource management tools , features include employee data management , employee self-service system , attendance , allowances and recruitment and other functions . OrangeHRM /index.php/leave/getFilteredEmployeeCountAjax fails to correctly filter the 'location' G...

7.5AI score
Exploits0References1
Packet Storm
Packet Storm
added 2015/04/07 12:0 a.m.38 views

WordPress Shareaholic 7.6.0.3 Cross Site Scripting

Exploit Title: Shareaholic 7.6.0.3 XSS Date: 10-11-2014 Software Link: https://wordpress.org/plugins/shareaholic/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9311 Category: webapps 1. Description...

3.5CVSS6.6AI score0.03892EPSS
Exploits5
Prion
Prion
added 2009/06/18 9:30 p.m.16 views

Code injection

Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted 1 url and 2 location parameter...

10CVSS7.7AI score0.03749EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2009/06/18 9:0 p.m.47 views

CVE-2009-2111

CVE-2009-2111 affects DB Top Sites 1.0, with a vulnerability in the file add_reg.php that allows static code injection . A remote attacker can inject arbitrary PHP code by supplying crafted parameters for the (1) url and (2) location, enabling code execution on the affected system. This is docume...

10CVSS7.4AI score0.03749EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2009/06/18 9:0 p.m.23 views

CVE-2009-2111

Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted 1 url and 2 location parameter...

7.2AI score0.03749EPSS
Exploits0References4
Prion
Prion
added 2008/04/25 7:5 p.m.12 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter...

7.5CVSS8AI score0.39034EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2008/04/23 1:5 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 class parameter to a methodTable.php, b code.php, and c details.php in browser/; and the 2 location parameter to browser/code.php. NOTE: the provenance of this...

4.3CVSS6AI score0.01211EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2008/04/22 12:0 a.m.50 views

CVE-2008-1917

CVE-2008-1917 describes multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2. The affected components are the browser/ module parameters: (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php, and (2) the location parameter to browser/code.php. The CVE notes t...

4.3CVSS5.7AI score0.01211EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2008/01/30 10:0 p.m.32 views

CVE-2008-0488

Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter...

7.5CVSS7.2AI score0.0233EPSS
Exploits1References4
Prion
Prion
added 2006/04/19 4:6 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 LOCATION and 2 URL parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

2.6CVSS6AI score0.01161EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2003/10/06 4:0 a.m.23 views

CVE-2003-0802

Nokia Electronic Documentation NED 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . dot...

5CVSS6.4AI score0.05995EPSS
Exploits1References1
Rows per page
Query Builder