Lucene search
K

187 matches found

Veracode
Veracode
added 2018/11/20 4:45 a.m.17 views

Information Disclosure

insight-api is vulnerable to information disclosure. An input validation vulnerability in the transaction broadcast endpoint allows a remote attacker to retrieve full path information, enabling the adversary to plan and execute further attacks...

5.3CVSS5.2AI score0.01186EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/10/02 6:29 p.m.3 views

CVE-2018-17884

XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook gwolle-gb plugin before 2.5.4 for WordPress via the PATHINFO to wp-admin/index.php...

6.1CVSS5.8AI score0.01212EPSS
Exploits1References3
OSV
OSV
added 2018/09/07 5:29 a.m.3 views

CVE-2018-16655

Gxlcms 1.0 has XSS via the PATHINFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php...

6.1CVSS5.8AI score0.0073EPSS
Exploits1References2
CNVD
CNVD
added 2018/07/17 12:0 a.m.4 views

WolfSight CMS SQL Injection Vulnerability

WolfSight CMS is a content management system. The system features news management, e-commerce management, payment management and document editing. A SQL injection vulnerability exists in WolfSight CMS version 3.2. A remote attacker can exploit this vulnerability by sending PATHINFO to the default...

9.8CVSS10AI score0.01587EPSS
Exploits1References1
OSV
OSV
added 2018/07/12 7:29 p.m.4 views

CVE-2018-14012

WolfSight CMS 3.2 allows SQL injection via the PATHINFO to the default URI...

9.8CVSS5.8AI score0.01587EPSS
Exploits1References1
OSV
OSV
added 2018/03/01 5:29 p.m.5 views

CVE-2018-2367

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...

8.8CVSS5.8AI score0.0191EPSS
Exploits0References3
Prion
Prion
added 2018/03/01 5:29 p.m.19 views

Input validation

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...

6.5CVSS8.5AI score0.0191EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/03/01 5:29 p.m.20 views

CVE-2018-2367

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...

8.8CVSS8.6AI score0.0191EPSS
Exploits0References3
CNVD
CNVD
added 2017/12/28 12:0 a.m.4 views

PHP Scripts Mall Professional Service Script Information Disclosure Vulnerability

Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. An information disclosure vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit the vulnerability by sending PATHINFO via a speciall...

5.3CVSS6.5AI score0.01507EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2017/12/27 5:8 p.m.2 views

CVE-2017-17873

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATHINFO to the /p URI...

9.8CVSS6AI score0.02652EPSS
Exploits1References2
Prion
Prion
added 2017/12/27 5:8 p.m.10 views

Design/Logic Flaw

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/reviewuserwise.php...

5CVSS5.2AI score0.01507EPSS
Exploits1References1
OSV
OSV
added 2017/12/13 9:29 a.m.3 views

CVE-2017-17621

Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATHINFO to the /detail URI...

9.8CVSS5.8AI score0.03625EPSS
Exploits1References3
OSV
OSV
added 2017/11/10 11:29 p.m.2 views

UBUNTU-CVE-2017-16785

Cacti 1.1.27 has reflected XSS via the PATHINFO to host.php...

6.1CVSS6.8AI score0.00994EPSS
Exploits1References3
OSV
OSV
added 2017/10/29 6:29 a.m.6 views

CVE-2017-15969

PG All Share Video 1.0 allows SQL Injection via the PATHINFO to search/tag, friends/index, users/profile, or videocatalog/category...

9.8CVSS5.8AI score0.02066EPSS
Exploits4References2
OSV
OSV
added 2017/10/29 6:29 a.m.4 views

CVE-2017-15959

Adult Script Pro 2.2.4 allows SQL Injection via the PATHINFO to a /download URI, a different vulnerability than CVE-2007-6576...

9.8CVSS5.8AI score0.02066EPSS
Exploits4References2
OSV
OSV
added 2017/08/31 6:29 p.m.4 views

CVE-2017-14070

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to ipsearch.php, related to PHPSELF...

6.1CVSS5.8AI score0.00649EPSS
Exploits0References1
OSV
OSV
added 2017/08/10 12:0 a.m.2 views

UBUNTU-CVE-2017-7808

A content security policy CSP "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox 55...

5.3CVSS6.8AI score0.0085EPSS
Exploits0References3
Veracode
Veracode
added 2017/07/27 10:23 p.m.22 views

Cross-site Scripting (XSS)

Concrete5 is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary web script because the library does not sanitize it's parameters before rendering them for display. The following fields are affected: bannedword in...

4.3CVSS5.7AI score0.02111EPSS
Exploits2References8Affected Software1
OSV
OSV
added 2017/07/20 5:29 p.m.17 views

UBUNTU-CVE-2017-0378

XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATHINFO to main.php...

6.1CVSS6.4AI score0.01455EPSS
Exploits1References3
OSV
OSV
added 2017/07/19 7:29 a.m.3 views

CVE-2017-10801

phpSocial formerly phpDolphin before 3.0.1 has XSS in the PATHINFO to the search/tag/ URI...

6.1CVSS5.8AI score0.00639EPSS
Exploits0References2
Rows per page
Query Builder