2295 matches found
CVE-2014-3080
Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php...
DEBIAN-CVE-2014-5191
Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to...
Design/Logic Flaw
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors...
CVE-2014-0970
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors...
CVE-2014-4946
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view...
PT-2014-5658 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.5.3 Description: The issue allows remote attackers to inject arbitrary web script or HTML via various parameters to different PHP files, including index.php, user/index.php, user/logout.php, user/fiche.php, and...
DEBIAN-CVE-2014-4722
Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
UBUNTU-CVE-2014-4002
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or...
Cross site scripting
Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter...
PwsPHP <= 1.2.3 (index.php) Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl PwsPHP <= 1.2.4 index.php Remote SQL Injection Exploit http://example.com/index.php?mod=sondages&do=results&id=1%20union%20select%20id,0,0,pseudo,pass,pseudo,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20%60users%60%20/ Discovered by: papipsycho...
Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit
No description provided by source. <?php print_r(' Cacti <= 0.8.6i cmd.php popen() injection by rgod dork: intitle:login to cacti mail: retrog at alice dot it site: http://retrogod.altervista.org...
IBM System Director Agent DLL Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer...
Cross site scripting
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php...
CVE-2014-1998
Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
openssl: freelist misuse causing a possible use-after-free
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-2193
CVE-2014-2193 affects Cisco Unified Web and E-Mail Interaction Manager. Root cause: improper use of session identifiers in GET requests, enabling a remote attacker to inject conversation text by obtaining a valid session identifier. Affected products and impact are described in Cisco advisory and...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values...