Lucene search
+L

601 matches found

Veracode
Veracode
added 2019/01/15 9:2 a.m.23 views

Cross-site Scripting (XSS)

python-django-horizon is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as the Host Aggregates interface in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via...

3.5CVSS5AI score0.02053EPSS
Exploits1References19Affected Software1
OSV
OSV
added 2018/11/17 3:29 p.m.16 views

CVE-2018-19329

GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button...

4.9CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2018/10/17 5:21 p.m.20 views

GHSA-4RJF-MXFM-98H5 SQL injection vulnerability in the policy admin tool in Apache Ranger

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime...

7.2CVSS7.2AI score0.01884EPSS
Exploits1References4
Cvelist
Cvelist
added 2018/04/20 9:0 p.m.20 views

CVE-2018-10078

Cross-site scripting XSS vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description...

5.3AI score0.02071EPSS
Exploits5References2
Prion
Prion
added 2018/01/25 10:29 p.m.13 views

Cross site scripting

Cross-site scripting XSS in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118...

3.5CVSS5.3AI score0.01209EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/01/11 4:29 p.m.18 views

CVE-2017-15632

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptpserver.lua file...

9CVSS7.5AI score0.03062EPSS
Exploits2References2
Prion
Prion
added 2018/01/11 4:29 p.m.18 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptpclient.lua file...

9CVSS7.4AI score0.04367EPSS
Exploits4References2Affected Software2
Prion
Prion
added 2018/01/11 4:29 p.m.20 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file...

9CVSS7.4AI score0.04245EPSS
Exploits4References2Affected Software2
Prion
Prion
added 2018/01/11 4:29 p.m.15 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmacimport.lua file...

9CVSS7.4AI score0.04367EPSS
Exploits4References2Affected Software2
OSV
OSV
added 2018/01/11 4:29 p.m.4 views

CVE-2017-15618

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptpclient.lua file...

7.2CVSS6AI score0.04367EPSS
Exploits4References2
Cvelist
Cvelist
added 2018/01/11 4:0 p.m.18 views

CVE-2017-15626

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptpserver.lua file...

7.5AI score0.04367EPSS
Exploits2References2
Cvelist
Cvelist
added 2018/01/11 4:0 p.m.18 views

CVE-2017-15627

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptpclient.lua file...

7.5AI score0.04367EPSS
Exploits2References2
Prion
Prion
added 2017/10/19 9:29 p.m.16 views

Design/Logic Flaw

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...

4CVSS6.8AI score0.01201EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2017/10/19 9:29 p.m.21 views

CVE-2012-4382

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...

4.9CVSS6.3AI score0.01201EPSS
Exploits0References2
NVD
NVD
added 2017/10/19 9:29 p.m.21 views

CVE-2012-4382

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...

4.9CVSS5.8AI score0.01201EPSS
Exploits0References5
OSV
OSV
added 2017/10/19 9:29 p.m.3 views

DEBIAN-CVE-2012-4382

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...

4.9CVSS6.8AI score0.01201EPSS
Exploits0References1
OSV
OSV
added 2017/10/19 9:29 p.m.3 views

UBUNTU-CVE-2012-4382

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...

4.9CVSS6.4AI score0.01201EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/10/19 9:0 p.m.26 views

CVE-2012-4382

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...

6AI score0.01201EPSS
Exploits0References5
CVE
CVE
added 2017/10/19 9:0 p.m.60 views

CVE-2012-4382

CVE-2012-4382 affects MediaWiki prior to 1.18.5 and 1.19.x prior to 1.19.2. The issue is that user block metadata is not properly protected, allowing remote administrators to read a user block reason via a reblock attempt. The CVSS data indicates a network attack vector with low complexity and pa...

4.9CVSS5.9AI score0.01201EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2017/10/19 9:0 p.m.35 views

CVE-2012-4382

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...

4.9CVSS5.3AI score0.01201EPSS
Exploits0
Rows per page
Query Builder