434 matches found

Nuclei
added yesterday, 39 views

Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting

Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/comsunwebui/help/helpwindow.jsp windowTitle parameter. id: CVE-2018-19439 info: name: Oracle Secure Global...

CVSS 6.1, AI score 6.3, EPSS 0.20457
Exploits: 3, References: 5

Nuclei
added yesterday, 26 views

Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion

Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. id: CVE-2018-13980 info: name: Zeta Producer Desktop CMS 14.2.1 - Local File Inclusion author...

CVSS 5.5, AI score 6.8, EPSS 0.06902
Exploits: 5, References: 5

Nuclei
added yesterday, 24 views

Microstrategy Web 7 - Cross-Site Scripting

Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter. id: CVE-2018-18775 info: name: Microstrategy Web 7 - Cross-Site Scripting author: 0xAkoko severity: medium description: Microstrategy Web 7 does not...

CVSS 6.1, AI score 6.3, EPSS 0.06555
Exploits: 5, References: 4

Nuclei
added yesterday, 59 views

SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution

SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the systemlog.cgi page. id: CVE-2020-17456 info: name: SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution author: gy741,edoardottt severity: critical description: SEOWON INTECH...

CVSS 9.8, AI score 8, EPSS 0.71691
Exploits: 8, References: 5

Nuclei
added yesterday, 35 views

Joomla! Component Arcade Games 1.0 - Local File Inclusion

A directory traversal vulnerability in the Arcade Games comarcadegames component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1714 info: name: Joomla! Component Arcade Games 1.0 - Local File Inclusion autho...

CVSS 5, AI score 6.1, EPSS 0.18703
Exploits: 2, References: 5

Nuclei
added yesterday, 24 views

Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal

A directory traversal vulnerability in the Percha Downloads Attach comperchadownloadsattach component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-2037 info: name...

CVSS 7.5, AI score 6.1, EPSS 0.11077
Exploits: 1, References: 4

Nuclei
added yesterday, 64 views

webEdition 6.3.8.0 - Directory Traversal

A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. id: CVE-2014-5258 info: name: webEdition 6.3.8.0 - Directory Traversal author: daffainfo severity: medium...

CVSS 4, AI score 6.1, EPSS 0.19764
Exploits: 6, References: 5

Nuclei
added yesterday, 42 views

WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting

WordPress Emag Marketplace Connector plugin 1.0 contains a reflected cross-site scripting vulnerability because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. id: CVE-2017-17043 info: name: WordPress Emag...

CVSS 6.1, AI score 6.3, EPSS 0.05096
Exploits: 2, References: 5

Nuclei
added yesterday, 71 views

Bonita BPM Portal <6.5.3 - Local File Inclusion

Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. id: CVE-2015-3897 info: name: Bonita BPM Portal 6.5.3 - Local File Inclusion author: 0xAkoko severity:...

CVSS 5, AI score 6.6, EPSS 0.17681
Exploits: 5, References: 5

Nuclei
added yesterday, 19 views

Netsweeper 4.0.8 - Directory Traversal

A directory traversal vulnerability in webadmin/reporter/viewserverlog.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. id: CVE-2014-9609 info: name: Netsweeper...

CVSS 5.3, AI score 6.2, EPSS 0.10619
Exploits: 1, References: 4

Nuclei
added yesterday, 28 views

Netsweeper 4.0.3 - Cross-Site Scripting

A cross-site scripting vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO. id: CVE-2014-9608 info: name: Netsweeper 4.0.3 - Cross-Site Scriptin...

CVSS 6.1, AI score 6.5, EPSS 0.03939
Exploits: 1, References: 4

Nuclei
added yesterday, 46 views

AvantFAX 3.3.3 - Cross-Site Scripting

AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. id: CVE-2017-18024 info: name: AvantFAX 3.3.3 - Cross-Site Scripting author: pikpikc...

CVSS 6.1, AI score 6.4, EPSS 0.04531
Exploits: 2, References: 5

Nuclei
added yesterday, 33 views

MooDating 1.2 - Cross-Site Scripting

A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajaxinvite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. id:...

CVSS 6.1, AI score 3.9, EPSS 0.03648
Exploits: 4, References: 4

Nuclei
added yesterday, 108 views

Copyparty <= 1.8.2 - Directory Traversal

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the .cpr subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This...

CVSS 7.5, AI score 7, EPSS 0.42828
Exploits: 4, References: 5

Nuclei
added yesterday, 26 views

IceWarp Mail Server <=10.4.4 - Local File Inclusion

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. id: CVE-2019-12593 info: name: IceWarp Mail Server =10.4.4 - Local File Inclusion author: pikpikcu severity: high description: | IceWarp Ma...

CVSS 7.5, AI score 7, EPSS 0.40965
Exploits: 5, References: 5

Nuclei
added yesterday, 38 views

Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion

A directory traversal vulnerability in the JE Form Creator comjeformcr component for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the...

CVSS 4.3, AI score 6.1, EPSS 0.06429
Exploits: 1, References: 5

Nuclei
added yesterday, 58 views

Microsoft SQL Server Reporting Services - Remote Code Execution

Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests. id: CVE-2020-0618 info: name: Microsoft SQL Server Reporting Services - Remote Code Execution author: joeldeleep severity: high description: Microsoft SQL...

CVSS 9.8, AI score 7.8, EPSS 0.99046
Exploits: 14, References: 5

Nuclei
added yesterday, 70 views

FUDForum 3.1.0 - Cross-Site Scripting

FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks. id: CVE-2021-27520 info: name: FUDForum 3.1.0 - Cross-Site Scriptin...

CVSS 6.1, AI score 6.3, EPSS 0.06396
Exploits: 4, References: 5

Nuclei
added yesterday, 28 views

OpenTSDB <=2.4.0 - Remote Code Execution

OpenTSDB 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...

CVSS 9.8, AI score 7.9, EPSS 0.8533
Exploits: 5, References: 3

Nuclei
added yesterday, 28 views

PHP-Fusion 9.03.50 - Remote Code Execution

PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution. id: CVE-2020-24949 info: name: PHP-Fusion 9.03.50 - Remote Code Execution author: geeknik severity: high description: PHP-Fusion 9.03.50...

CVSS 9, AI score 7.2, EPSS 0.67289
Exploits: 4, References: 5