CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2300 matches found

CNVD•added 2018/01/18 12:0 a.m.•2 views

TorrentFlux Cross-Site Scripting Vulnerability

TorrentFlux is a PHP-based BitTorrent download client that manages all Torrent downloads through a convenient web interface. A cross-site scripting vulnerability exists in TorrentFlux version 2.4. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.01202EPSS

Exploits1References1

CNVD•added 2018/01/17 12:0 a.m.•2 views

WordPress WPGlobus plugin cross-site scripting vulnerability (CNVD-2018-01276)

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.WPGlobus plugin is used in one of the plugin used to create a multi-language blog. A cross-site scripting vulnerabili...

4.8CVSS6.1AI score0.00748EPSS

Exploits1References1

CNVD•added 2018/01/17 12:0 a.m.•3 views

WordPress WPGlobus plugin cross-site scripting vulnerability (CNVD-2018-01287)

4.8CVSS6.2AI score0.00748EPSS

Exploits1References1

CNVD•added 2018/01/15 12:0 a.m.•3 views

Zimbra Collaboration Suite Cross-Site Scripting Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from the US company Zimbra, which includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in versions of ZCS prior to 8.8.0 Beta2. A remote attacker can exploit this vulnerability to inject...

5.4CVSS6.2AI score0.01264EPSS

Exploits2References1

CNVD•added 2018/01/15 12:0 a.m.•2 views

DragonByte Technologies vBShout for vBulletin Cross-Site Scripting Vulnerability

DragonByte Technologies vBShout for vBulletin is a module with posting and replying functionality for vBulletin, the open source commercial web forum program from DragonByte Technologies, Scotland. A cross-site scripting vulnerability exists in the vbshout.php file in DragonByte Technologies...

6.1CVSS6AI score0.04162EPSS

Exploits1References1

Cvelist•added 2018/01/11 8:0 p.m.•15 views

CVE-2012-6671

Multiple cross-site scripting XSS vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the 1 monstertitle or 2 monsterdescription parameters...

6.1AI score0.01642EPSS

Exploits0References4

CNVD•added 2018/01/10 12:0 a.m.•4 views

WordPress GD Rating System plugin cross-site scripting vulnerability (CNVD-2018-00916)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.GD Rating System plugin is used in one of the rating plugin. A cross-site scripting vulnerability exists in version...

6.1CVSS6AI score0.01265EPSS

Exploits1References1

NVD•added 2018/01/08 7:29 p.m.•18 views

CVE-2017-7998

Multiple cross-site scripting XSS vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 printer name when adding a printer in the admin panel or 2 username parameter to webapp/users/userreg.jsp...

6.1CVSS6.1AI score0.0199EPSS

Exploits3References2

CNVD•added 2018/01/08 12:0 a.m.•3 views

WordPress GD Rating System Plugin Cross-Site Scripting Vulnerability

6.1CVSS6AI score0.01265EPSS

Exploits1References1

CNVD•added 2018/01/02 12:0 a.m.•2 views

Zivif PR115-204-P-RS Remote Command Injection Vulnerability

The Zivif PR115-204-P-RS is a webcam device. A remote command injection vulnerability exists in Zivif PR115-204-P-RS version 2.3.4.2103. A remote attacker can exploit this vulnerability to inject arbitrary commands...

10CVSS7.8AI score0.84558EPSS

Exploits8References1

ATTACKERKB•added 2017/12/27 5:8 p.m.•1 views

CVE-2017-17897

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...

9.8CVSS6.4AI score0.01871EPSS

Exploits0References2

CNVD•added 2017/12/18 12:0 a.m.•3 views

Bernard Parisse Giac Parameter Injection Vulnerability

Bernard Parisse Giac is an open source computer algebra system written in C++ for Windows, Mac OS X, Unix and Linux. A security vulnerability exists in the Input.cc file in Bernard Parisse Giac version 1.2.3.57, which originates from the program failing to validate strings before starting the...

8.8CVSS7.3AI score0.01221EPSS

Exploits0References1

CNVD•added 2017/12/18 12:0 a.m.•1 views

ScummVM Parameter Injection Vulnerability

ScummVM is a graphics engine for point-and-click adventure games. A security vulnerability exists in the backends/platform/sdl/posix/posix.cpp file in ScummVM version 1.9.0, which originates from a program that does not validate strings before starting the program. A remote attacker could exploit...

8.8CVSS7.2AI score0.01643EPSS

Exploits0References1

CNVD•added 2017/12/15 12:0 a.m.•2 views

PHP Scripts Mall Event Search Script SQL Injection Vulnerability

PHP Scripts Mall Event Search Script is a PHP based online event registration script from PHP Scripts Mall India. The script can be embedded into a website and accept online event bookings from other organizations or companies. A SQL injection vulnerability exists in PHP Scripts Mall Event Search...

9.8CVSS8.2AI score0.0305EPSS

Exploits1References1

OSV•added 2017/12/14 4:29 p.m.•2 views

DEBIAN-CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.8CVSS8.1AI score0.01685EPSS

Exploits0References1

CNVD•added 2017/12/12 12:0 a.m.•5 views

Mathias Kettner Check_MK Cross-Site Scripting Vulnerability

Mathias Kettner CheckMK is an open-source, general-purpose Nagios/Icinga monitoring system data collection plug-in from Mathias Kettner, Germany, which collects data from operating system and network components by employing a new methodology and supports the automated detection of monitoring item...

6.1CVSS6.4AI score0.01029EPSS

Exploits1References1

OSV•added 2017/12/11 6:29 a.m.•1 views

DEBIAN-CVE-2017-17512

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument...

8.8CVSS8.9AI score0.02217EPSS

Exploits1References1

OSV•added 2017/11/30 9:29 a.m.•2 views

CVE-2017-12345

Multiple vulnerabilities in Cisco Data Center Network Manager DCNM Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting...

4.7CVSS5.8AI score0.01379EPSS

Exploits0References2

OSV•added 2017/11/30 9:29 a.m.•3 views

CVE-2017-12344

6.1CVSS5.8AI score0.00926EPSS

Exploits0References2

CNVD•added 2017/11/28 12:0 a.m.•2 views

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-38351)

IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

5.4CVSS6.4AI score0.00729EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by