Lucene search
K

434 matches found

Nuclei
Nuclei
added 11 hours ago52 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...

9.8CVSS7.2AI score0.12394EPSS
Exploits3References3
Nuclei
Nuclei
added 11 hours ago23 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. id: CVE-2021-27319 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind SQL...

7.5CVSS7.1AI score0.07826EPSS
Exploits3References3
Nuclei
Nuclei
added 11 hours ago24 views

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges. id: CVE-2021-46417 info: name: Franklin Fueling Systems...

7.8CVSS7AI score0.59753EPSS
Exploits7References5
Nuclei
Nuclei
added 11 hours ago44 views

Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion

Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /...." substring. id: CVE-2022-26233 info: name: Barco Control Room Management Suite =2.9...

7.5CVSS7.1AI score0.15028EPSS
Exploits3References5
Nuclei
Nuclei
added 11 hours ago40 views

SINEMA Remote Connect Server < V2.0 - Open Redirect

A vulnerability has been identified in SINEMA Remote Connect Server All versions V2.0. Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. id: CVE-2022-23102...

6.1CVSS6.3AI score0.05265EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago67 views

LiveZilla Server 8.0.1.0 - Cross-Site Scripting

LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. id: CVE-2019-12962 info: name: LiveZilla Server 8.0.1.0 - Cross-Site Scripting author: Clment Cruchet severity: medium description: | LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. impact: |...

6.1CVSS6.7AI score0.09052EPSS
Exploits4References5
Nuclei
Nuclei
added 11 hours ago77 views

D-Link DIR-600M - Authentication Bypass

D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page. id: CVE-2019-13101 info: name: D-Link DIR-600M - Authentication...

9.8CVSS7.1AI score0.67091EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago24 views

Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion

Mirasys DVMS Workstation versions 5.12.6 and prior suffer from local file inclusion vulnerabilities. id: CVE-2018-8727 info: name: Mirasys DVMS Workstation =5.12.7 to mitigate the LFI vulnerability. reference: -...

7.5CVSS7.1AI score0.078EPSS
Exploits5References4
Nuclei
Nuclei
added 11 hours ago66 views

YzmCMS v3.6 - Cross-Site Scripting

In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. id: CVE-2018-7653 info: name: YzmCMS v3.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. impact: | Attackers can execute arbitrary JavaScript in...

6.1CVSS6.4AI score0.08861EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago70 views

AxxonSoft Axxon Next - Local File Inclusion

AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. id: CVE-2018-7467 info: name: AxxonSoft Axxon Next - Local File Inclusion author: 0xAkoko severity: high description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. impact: | An attacker can read...

7.5CVSS7.1AI score0.10516EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago31 views

Nimble Streamer <=3.5.4-9 - Local File Inclusion

Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server. id: CVE-2019-11013 info: name: Nimble Streamer =3.5.4-9 - Local File Inclusion...

6.5CVSS6.7AI score0.23978EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago48 views

Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting

Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript. id: CVE-2019-19368 info: name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.2102EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago12 views

Aptana Jaxer 1.0.3.4547 - Local File inclusion

Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. id: CVE-2019-14312 info: name: Aptana Jaxer 1.0.3.4547 - Local File inclusion author: daffainfo...

6.5CVSS6.7AI score0.20586EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago30 views

Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting

Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. id: CVE-2019-14696 info: name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting author: pikpikcu severity: medium description: Open-School 3.0, and...

6.1CVSS6.3AI score0.15439EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago94 views

Zeroshell 3.9.0 - Remote Command Execution

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. id: CVE-2019-12725 info...

10CVSS7.4AI score0.89849EPSS
Exploits11References5
Nuclei
Nuclei
added 11 hours ago37 views

Linear eMerge E3 - Cross-Site Scripting

Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter. id: CVE-2019-7255 info: name: Linear eMerge E3 - Cross-Site Scripting author: arafatansari severity: medium description: | Linear eMerge E3-Series devices are vulnerable to cross-site scripting via...

6.1CVSS6.6AI score0.55807EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago114 views

Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. id: CVE-2020-7980 info: name: Satellian Intellian Aptus Web...

10CVSS7.4AI score0.82956EPSS
Exploits7References5
Nuclei
Nuclei
added 11 hours ago33 views

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors. id: CVE-2020-8615 info: name: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Reque...

6.5CVSS6.6AI score0.0883EPSS
Exploits6References5
Nuclei
Nuclei
added 11 hours ago46 views

Xceedium Xsuite <=2.4.4.5 - Local File Inclusion

Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/readsessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter. id: CVE-2015-4666 info: name: Xceedium Xsuite =2.4.4.5 - Local File Inclusion author: 0xAkoko severity: medium...

5CVSS7.3AI score0.16235EPSS
Exploits5References5
Nuclei
Nuclei
added 11 hours ago43 views

IceWarp Mail Server <11.1.1 - Directory Traversal

IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. id: CVE-2015-1503 info: name: IceWarp Mail Server 11.1.1 - Directory Traversal author: 0xAkoko severity: high description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal...

7.8CVSS7.1AI score0.58722EPSS
Exploits5References5
Rows per page
Query Builder