CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1086 matches found

Cvelist•added 2018/10/28 3:0 a.m.•10 views

CVE-2016-10733

ProjectSend formerly cFTP r582 allows directory traversal via file=../ in the process-zip-download.php query string...

9.5AI score0.00415EPSS

Exploits0References1

OSV•added 2018/10/02 9:29 p.m.•1 views

CVE-2018-14822

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code...

9.8CVSS6AI score

Exploits0References2

CNVD•added 2018/09/26 12:0 a.m.•3 views

Component Collection Factory SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Collection Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form...

9.8CVSS9.8AI score0.02512EPSS

Exploits5References1

CNVD•added 2018/09/26 12:0 a.m.•3 views

Component AlphaIndex Dictionaries SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Joomla! component AlphaIndex Dictionaries. The vulnerability is caused by an attacker inserting SQL commands into the query string of a w...

9.8CVSS9.7AI score0.02512EPSS

Exploits5References1

Veracode•added 2018/09/03 5:56 a.m.•21 views

SQL Injection

ThinkPHP is vulnerable to SQL injection. A remote attacker is able to inject arbitrary SQL commands through the public/index/index/test/index query string...

9.8CVSS9.8AI score0.00518EPSS

Exploits1References3Affected Software1

Prion•added 2018/09/03 2:29 a.m.•19 views

Sql injection

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...

7.5CVSS9.8AI score0.00518EPSS

Exploits1References2Affected Software1

OSV•added 2018/09/03 2:29 a.m.•13 views

CVE-2018-16385

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...

9.8CVSS8.2AI score

Exploits0References2

Exploit DB•added 2018/08/26 12:0 a.m.•62 views

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp ManageEngine ADManager Plus Product Versio...

7.4AI score

Exploits0

OSV•added 2018/08/02 7:29 p.m.•1 views

CVE-2017-14446

An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this...

9.9CVSS6.2AI score

Exploits0References1

NVD•added 2018/08/02 7:29 p.m.•15 views

CVE-2017-14446

9.9CVSS9.2AI score0.00405EPSS

Exploits2References1

Hacker One•added 2018/08/02 11:35 a.m.•21 views

Upserve : [theacademy.upserve.com] Reflected XSS Query-String

Steps To Reproduce: Open URL in FireFox: https://theacademy.upserve.com/roles/?%22%3E%3Cscript//src=data,alertlocation// HTTP Request http GET /roles/?%22%3E%3Cscript//src=data,alertlocation// HTTP/1.1 Host: theacademy.upserve.com HTTP Response html Name Views Duration Impact Reflected XSS...

0.3AI score

Exploits0

VulnCheck KEV•added 2018/07/24 12:0 a.m.•1 views

VulnCheck KEV: CVE-2025-34051

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP...

6.9CVSS5.9AI score0.00397EPSS

Exploits0References1

NVD•added 2018/07/23 4:29 p.m.•13 views

CVE-2018-1999022

PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method. that can...

9.8CVSS9.7AI score0.01328EPSS

Exploits0References2

Prion•added 2018/07/23 4:29 p.m.•11 views

Design/Logic Flaw

7.5CVSS9.6AI score0.01328EPSS

Exploits0References2Affected Software2

UbuntuCve•added 2018/07/23 4:29 p.m.•16 views

CVE-2018-1999022

9.8CVSS7.4AI score0.01328EPSS

Exploits0References3

OSV•added 2018/07/23 4:29 p.m.•14 views

CVE-2018-1999022

9.8CVSS7.1AI score

Exploits0References2

Cvelist•added 2018/07/23 4:0 p.m.•16 views

CVE-2018-1999022

9.7AI score0.01328EPSS

Exploits0References2

Debian CVE•added 2018/07/23 4:0 p.m.•12 views

CVE-2018-1999022

9.8CVSS9.7AI score0.01328EPSS

Exploits0

GitLab Advisory Database•added 2018/07/23 12:0 a.m.•18 views

Improper query string handling in Django

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

4CVSS5.3AI score0.00553EPSS

Exploits1References7Affected Software1

Prion•added 2018/07/05 6:29 p.m.•15 views

Authentication flaw

In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login...

4.3CVSS6AI score0.00215EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by