1086 matches found

OSV
added 2019/06/07 9:12 p.m., 18 views

GHSA-HXCM-V35H-MG2X Prototype Pollution in querystringify

A vulnerability was found in querystringify before 2.0.0. It's possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string...

AI score: 7
Exploits: 0, References: 2

RedHat Linux
added 2019/05/22 12:3 p.m., 4 views

python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS: 6.1, AI score: 6.7, EPSS: 0.0991
Exploits: 1, References: 4

OSV
added 2019/04/01 5:29 p.m., 2 views

CVE-2018-5757

An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to...

CVSS: 8.8, AI score: 5.9, EPSS: 0.13065
Exploits: 1, References: 1

Cvelist
added 2019/03/27 4:59 p.m., 12 views

CVE-2017-18364

phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter...

CVSS: 7.4, AI score: 7.2, EPSS: 0.00407
Exploits: 2, References: 3

NVD
added 2019/01/31 7:29 p.m., 11 views

CVE-2018-18940

servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=XSS in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00444
Exploits: 3, References: 2

CNVD
added 2019/01/14 12:0 a.m., 2 views

CubeCart Cross-Site Scripting Vulnerability

Devellion CubeCart is a free and open source e-commerce shopping cart software from Devellion UK. The software supports selling products in an online store, adding/editing products or images etc. A cross-site scripting vulnerability exists in Devellion CubeCart version 6.2.2. A remote attacker ca...

CVSS: 5.4, AI score: 6, EPSS: 0.00206
Exploits: 1, References: 1

Prion
added 2019/01/03 8:29 p.m., 12 views

Cross site scripting

Cross-site scripting in eventscript.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00272
Exploits: 1, References: 2

NVD
added 2019/01/03 7:29 p.m., 13 views

CVE-2018-14481

Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280...

CVSS: 6.1, AI score: 6, EPSS: 0.00234
Exploits: 3, References: 2

OSV
added 2019/01/03 7:29 p.m., 19 views

CVE-2018-14481

Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280...

CVSS: 6.1, AI score: 5.6
Exploits: 0, References: 2

Prion
added 2019/01/03 7:29 p.m., 23 views

Design/Logic Flaw

Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280...

CVSS: 4.3, AI score: 5.9, EPSS: 0.004
Exploits: 4, References: 2, Affected Software: 1

CVE
added 2019/01/03 7:0 p.m., 56 views

CVE-2018-14481

OSClass 3.7.4 is affected by CVE-2018-14481: it has Cross-Site Scripting (XSS) via the query string to index.php (notably in the OSClass 3.7.4 release, separate from CVE-2014-6280). Other connected sources describe multiple XSS vulnerabilities in OSClass 3.7.4, including potential reflections and...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00234
Exploits: 3, References: 2, Affected Software: 1

OSV
added 2018/12/17 3:29 p.m., 12 views

CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...

CVSS: 6.1, AI score: 5.7
Exploits: 0, References: 2

NVD
added 2018/12/17 3:29 p.m., 10 views

CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...

CVSS: 6.1, AI score: 6.3, EPSS: 0.0024
Exploits: 1, References: 2

Cvelist
added 2018/12/17 3:0 p.m., 11 views

CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...

AI score: 7.5, EPSS: 0.0024
Exploits: 1, References: 2

Debian CVE
added 2018/12/17 3:0 p.m., 16 views

CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...

CVSS: 6.1, AI score: 6.3, EPSS: 0.0024
Exploits: 1

OSV
added 2018/12/06 3:29 a.m., 1 view

CVE-2018-19893

SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00264
Exploits: 1, References: 1

Packet Storm
added 2018/12/06 12:0 a.m., 318 views

Chamilo 1.11.6 Cross Site Scripting

Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6. Information: Advisory by Netsparker; Name: Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6; Affected Software: Chamilo; Affected Versions: 1.11.6; Homepage: https://chamilo.org/en/; Vulnerability:...

AI score: 7.4
Exploits: 0

Prion
added 2018/11/07 7:29 p.m., 15 views

Design/Logic Flaw

An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie...

CVSS: 4.3, AI score: 5.9, EPSS: 0.0024
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/11/07 7:29 p.m., 12 views

CVE-2018-19092

An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie...

CVSS: 6.1, AI score: 6, EPSS: 0.0024
Exploits: 1, References: 1

NVD
added 2018/10/29 12:29 p.m., 6 views

CVE-2016-10733

ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string...

CVSS: 9.8, AI score: 9.5, EPSS: 0.00415
Exploits: 0, References: 1