Lucene search
+L

735 matches found

nvd
nvd
added 2017/07/17 1:18 p.m.24 views

CVE-2017-2339

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...

8.4CVSS6.7AI score0.01078EPSS
Exploits0References3
patchstack
patchstack
added 2016/04/05 12:0 a.m.11 views

WordPress User Role Editor Plugin <= 4.24 - Privilege Escalation

Because of this vulnerability, any registered user can gain administrator access. Solution Upgrade the plugin...

3.5AI score
Exploits0References1Affected Software1
osv
osv
added 2016/03/29 3:59 p.m.2 views

CVE-2016-2288

Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file...

7.8CVSS5.8AI score0.01331EPSS
Exploits4References2
freebsd
freebsd
added 2016/02/24 12:0 a.m.13 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical Brute force amplification attacks via XML-RPC XML-RPC server - Drupal 6 and 7 - Moderately Critical Open redirect via path manipulation Base system - Drupal 6, 7 and 8 ...

0.2AI score
Exploits0References1
wpvulndb
wpvulndb
added 2016/01/28 12:0 a.m.10 views

Sola Support Ticket <= 3.12 - XSS & Configuration Change

Any logged in user with any role and access to wp-admin in any way can update plugin settings including allowing HTML to be parsed. One can also change any notification messages to include JS which then can be used to obtain information by forgery. PoC Make POST request to /wp-admin with paramete...

3.5CVSS1.6AI score0.00783EPSS
Exploits2References1Affected Software1
zdt
zdt
added 2015/12/18 12:0 a.m.22 views

WordPress User Role 1.4.1 Cross Site Scripting Vulnerability

WordPress User Role plugin version 1.4.1 suffers from a cross site scripting vulnerability. WordPress User Role 1.4.1 Cross Site Scripting Vulnerability Plugin Name : User Role Effected Version : 1.4.1 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified...

6.7AI score
Exploits0
packetstorm
packetstorm
added 2015/12/17 12:0 a.m.22 views

WordPress User Role 1.4.1 Cross Site Scripting

Plugin Name : User Role Effected Version : 1.4.1 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : In the following field put the payload as...

7.4AI score
Exploits0
wpexploit
wpexploit
added 2015/06/26 12:0 a.m.14 views

Multiple Themes - Privilige Escalation

The themes suffer from a privilege escalation vulnerability, any authenticated user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user's default role, registration state and others, which may lead to executing commands/code on th...

6.5CVSS1.1AI score0.01488EPSS
Exploits3References2
nvd
nvd
added 2015/06/22 7:59 p.m.22 views

CVE-2015-3231

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache...

4CVSS5.9AI score0.01714EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2015/06/22 7:59 p.m.24 views

CVE-2015-3231

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache...

4CVSS5.9AI score0.01714EPSS
Exploits0References2
zdi
zdi
added 2015/05/26 12:0 a.m.29 views

Hewlett-Packard SiteScope Log Analyzer Privilege Escalation Vulnerability

This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowi...

9CVSS6.2AI score0.03484EPSS
Exploits0References1
prion
prion
added 2015/04/21 4:59 p.m.15 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors...

5.8CVSS7.7AI score0.00656EPSS
Exploits0References5Affected Software1
zdt
zdt
added 2015/02/10 12:0 a.m.22 views

WordPress WP EasyCart Unrestricted File Upload Exploit

WordPress Shopping Cart WP EasyCart Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php script does not properly verify or sanitize user-uploaded files. By uploading a .p...

7.9AI score
Exploits0
wpvulndb
wpvulndb
added 2014/08/01 10:59 a.m.6 views

User Role Editor - Cross-Site Request Forgery

The User Role Editor WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...

2.2AI score
Exploits0References1Affected Software1
zdt
zdt
added 2014/07/12 12:0 a.m.32 views

InvGate Service Desk 4.2.36 SQL Injection Vulnerability

InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities. InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL...

8.3AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.16 views

Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability

No description provided by source. Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor Software Link:https://wordpress.org/support/plugin/user-role-edito...

7.1AI score
Exploits0
prion
prion
added 2014/06/08 11:55 p.m.18 views

Command injection

Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command...

6CVSS6.8AI score0.00266EPSS
Exploits0References3
redhat
redhat
added 2014/05/12 6:12 p.m.83 views

Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, whi...

6.5CVSS7.5AI score0.08245EPSS
Exploits7References13
drupal
drupal
added 2014/02/12 12:0 a.m.12 views

SA-CONTRIB-2014-017- Image Resize Filter - Denial of Service (DOS)

This module enables you to resize images based on the HTML contents of a post. Images with specified height and width properties that differ from the original image result in a resized image being created. The module doesn't limit the number of resized images per post or user, which could allow a...

6.8AI score
Exploits0References11
nessus
nessus
added 2013/09/19 12:0 a.m.58 views

WordPress < 3.6.1 Multiple Vulnerabilities

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - Unsafe PHP de-serialization could occur in limited situations and setups, which could lead to remote code execution. CVE-2013-4338 - Open redirect/insufficient input...

7.5CVSS5.5AI score0.08749EPSS
Exploits8References14
Rows per page
Query Builder