jenkins: Session fixation vulnerability on user signup
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account...
CVE-2018-1002005
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bftlist.html.php:43 via the filtersignupdate parameter...
CVE-2018-7958
Huawei eSpace products support anonymous TLS cipher suites. An unauthenticated remote attacker can launch a man-in-the-middle attack to hijack the connection from a client when the user signs up or logs in over TLS. Due to insufficient authentication, this may be exploite...
Electricks eCommerce 1.0 Cross Site Scripting
Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an account on the following url:...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an accoun...
Infogram: possibility to create account without username
Hi, infogram.com doesn't allow us to go to the next step until we give a name for our account, but I bypassed that. I am able to create an account without any name, just by modifying the response field. Steps: 1. Create a new account; when you reach the page where you have to give your name. 2. Give a name and intercept th...
joplinstockyards.com XSS vulnerability
Open Bug Bounty ID: OBB-674680. Affected Website: joplinstockyards.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
jeffcleghorn.com XSS vulnerability
Open Bug Bounty ID: OBB-673769. Affected Website: jeffcleghorn.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Khan Academy: SignUp With Fake Email
Hello KhanAcademy Security Team, I'm rootbakar. I found an oddity that allows a user to register with Khanacademy using an invalid or fake email. In this trial I used the email '[email protected]' and after pressing the SIGN UP button it automatically entered the user dashboard pag...
insuranceadvice.com XSS vulnerability
Open Bug Bounty ID: OBB-670851. Affected Website: insuranceadvice.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
meetav.com XSS vulnerability
Open Bug Bounty ID: OBB-669390. Affected Website: meetav.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
dash.trck.me XSS vulnerability
Open Bug Bounty ID: OBB-655855. Affected Website: dash.trck.me. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
paintedcabernet.com XSS vulnerability
Open Bug Bounty ID: OBB-653968. Affected Website: paintedcabernet.com. Vulnerable Application: Other. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
CVE-2018-14474
views/auth.go in Orange Forum 1.4.0 allows open redirection via the next parameter to /login or /signup...
CVE-2018-14474
CVE-2018-14474 affects Orange Forum 1.4.0, with an open redirect in views/auth.go triggered by the next parameter to /login or /signup. The vulnerability allows an attacker to redirect users to a malicious site, potentially enabling phishing or credential theft. Several connected sources (e.g., N...
rixtkuiper.com XSS vulnerability
Open Bug Bounty ID: OBB-644306. Affected Website: rixtkuiper.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
vedantu.com XSS vulnerability
Open Bug Bounty ID: OBB-641895. Affected Website: vedantu.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Cloudflare: Private API key leakage due to lack of access control
The lack of access control on the https://mobilesdk.cloudflare.com/api/v1/ API allows a remote attacker to access and steal a logged-in user's private data. This is possible because the endpoint has no origin protection. An attacker can embed the config URI...