CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

475 matches found

0day.today•added 2008/09/23 12:0 a.m.•20 views

Sofi WebGui <= 0.6.3 PRE (mod_dir) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ====================================================================== Sofi WebGui = 0.6.3 PRE moddir Remote File Inclusion Vulnerability ====================================================================== :::::::-. ... ::::::. :::. ;;,...

7.1AI score

Exploits0

Prion•added 2008/08/06 6:41 p.m.•8 views

Information disclosure

RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System CS RSS feeds, which allows remote attackers to obtain sensitive information CS data...

5CVSS6.7AI score0.00438EPSS

Exploits0References6Affected Software1

NVD•added 2008/08/06 6:41 p.m.•7 views

CVE-2008-3503

RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System CS RSS feeds, which allows remote attackers to obtain sensitive information CS data...

5CVSS6.1AI score0.00438EPSS

Exploits0References6

CVE•added 2008/08/06 6:0 p.m.•33 views

CVE-2008-3503

Plain Black WebGUI prior to 7.5.13 has an RSSFromParent flaw that does not restrict CS RSS feed view access, enabling remote disclosure of Collaboration System data. A fix is available in 7.5.13 (beta released) and later versions; upgrade to mitigate. Technical details: affected product/component...

5CVSS6.2AI score0.00438EPSS

Exploits0References6Affected Software1

Cvelist•added 2008/08/06 6:0 p.m.•14 views

CVE-2008-3503

RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System CS RSS feeds, which allows remote attackers to obtain sensitive information CS data...

6.1AI score0.00438EPSS

Exploits0References6

Prion•added 2008/05/23 3:32 p.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Web GUI in SAP Web Application Server WAS 7.0, Web Dynpro for ABAP aka WD4A or WDA, and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI under bc/gui/sap/its/webgui/...

4.3CVSS6.2AI score0.07699EPSS

Exploits1References6Affected Software1

securityvulns•added 2008/05/22 12:0 a.m.•29 views

SAP Web Application Server crossite scripting

Crossite scripting with /sap/bc/gui/sap/its/webgui/...

1.3AI score

Exploits0References1

Prion•added 2008/05/05 4:20 p.m.•9 views

Design/Logic Flaw

Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."...

10CVSS7AI score0.00416EPSS

Exploits0References5Affected Software1

NVD•added 2008/05/05 4:20 p.m.•10 views

CVE-2008-2077

Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."...

10CVSS6.4AI score0.00416EPSS

Exploits0References5

CVE•added 2008/05/05 4:0 p.m.•41 views

CVE-2008-2077

The CVE-2008-2077 entry concerns Plain Black WebGUI prior to version 7.4.35, where data form list view handling is implicated. Connected sources indicate a vulnerability labeled as WebGUI

10CVSS6.4AI score0.00416EPSS

Exploits0References5Affected Software1

Cvelist•added 2008/05/05 4:0 p.m.•15 views

CVE-2008-2077

Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."...

6.4AI score0.00416EPSS

Exploits0References5

Tenable Nessus•added 2008/05/01 12:0 a.m.•17 views

WebGUI < 7.4.35 Data Form List View Unspecified Vulnerability

Binary data 4489.prm...

10CVSS7.3AI score0.00416EPSS

Exploits0References2

Prion•added 2008/02/25 8:44 p.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407...

4.3CVSS6AI score0.01631EPSS

Exploits0References3Affected Software1

NVD•added 2008/02/25 8:44 p.m.•11 views

CVE-2008-0940

4.3CVSS5.5AI score0.00324EPSS

Exploits0References3

CVE•added 2008/02/25 8:0 p.m.•31 views

CVE-2008-0940

Plain Black WebGUI is affected by a cross-site scripting (XSS) vulnerability present in versions before 7.4.24, which can allow remote attackers to inject arbitrary script or HTML when creating a username. The issue is independently identified from CVE-2007-0407. Mitigation: upgrade to WebGUI 7.4...

4.3CVSS5.6AI score0.00324EPSS

Exploits0References3Affected Software1

Cvelist•added 2008/02/25 8:0 p.m.•21 views

CVE-2008-0940

5.5AI score0.00324EPSS

Exploits0References3

ATTACKERKB•added 2007/12/20 8:46 p.m.•3 views

CVE-2007-6487

Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680...

5CVSS5.6AI score0.00427EPSS

Exploits0References7

NVD•added 2007/12/20 8:46 p.m.•8 views

CVE-2007-6487

4.9CVSS6.1AI score0.00247EPSS

Exploits0References5

Prion•added 2007/12/20 8:46 p.m.•12 views

Design/Logic Flaw

4.9CVSS6.4AI score0.00427EPSS

Exploits0References5Affected Software1

Cvelist•added 2007/12/20 8:0 p.m.•16 views

CVE-2007-6487