Lucene search
K

245 matches found

OSV
OSV
added 2020/05/06 3:15 p.m.3 views

UBUNTU-CVE-2020-7921

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...

5.3CVSS6AI score0.0066EPSS
Exploits0References3
OSV
OSV
added 2019/07/03 8:15 p.m.3 views

CVE-2019-12843

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3...

6.1CVSS6.6AI score0.00793EPSS
Exploits0References1
OSV
OSV
added 2019/05/16 3:29 p.m.6 views

CVE-2018-17048

admin/Lib/Action/FpluginAction.class.php in FDCMS aka Fangfa Content Manage System 4.2 allows SQL Injection...

7.5CVSS5.8AI score0.01737EPSS
Exploits0References3
CNVD
CNVD
added 2019/02/27 12:0 a.m.4 views

WordPress plugin 'FormCraft' cross-site request forgery vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin 'FormCraft'. If a user logs into the WordPress admi...

8.8CVSS6.8AI score0.00833EPSS
Exploits0References1
CNVD
CNVD
added 2019/01/17 12:0 a.m.2 views

Juniper ATP Cross-Site Scripting Vulnerability

Juniper Advanced Threat Prevention ATP is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. A cross-site scripting vulnerability exists in the Snort Rules configuration in Junipe...

5.4CVSS6.3AI score0.00624EPSS
Exploits0References1
OSV
OSV
added 2018/04/07 9:29 p.m.4 views

CVE-2018-9848

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the configuploadclass value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...

9.8CVSS6.1AI score0.02236EPSS
Exploits1References1
OSV
OSV
added 2017/04/04 2:59 p.m.4 views

CVE-2017-7398

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery CSRF vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or...

8.8CVSS5.8AI score0.03006EPSS
Exploits4References2
Prion
Prion
added 2016/07/28 4:59 p.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnectorcommit.action...

3.5CVSS5.8AI score0.04797EPSS
Exploits3References6Affected Software1
seebug.org
seebug.org
added 2015/05/12 12:0 a.m.20 views

WordPress TheCartPress Plugin 1.3.9 /checkout/CheckoutEditor.class.php 本地文件包含漏洞

checkout/CheckoutEditor.class.phpfunction adminaction if empty $POST return; if isset $REQUEST'tcpsavefields' $partialpath = $REQUEST'tcpboxpath'; $classname = $REQUEST'tcpboxname'; $initialpath = dirname dirname TCPADMINFOLDER . '/'; requireonce $initialpath . $partialpath ; $box = new $classnam...

7.1AI score
Exploits0
NVD
NVD
added 2015/01/02 8:59 p.m.19 views

CVE-2014-9459

Cross-site request forgery CSRF vulnerability in the AdminObserver function in e107admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action...

6.8CVSS7.1AI score0.01105EPSS
Exploits0References4
Cvelist
Cvelist
added 2013/05/10 9:0 p.m.20 views

CVE-2012-6552

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...

6.6AI score0.01669EPSS
Exploits0References2
CVE
CVE
added 2012/11/17 9:0 p.m.42 views

CVE-2012-5899

SAMEDIA LandShop 0.9.2 contains a Cross‑site Scripting (XSS) vulnerability in the admin/action/objects.php script. The issue arises from processing the OTR_HEADS[] parameter during an edit action, allowing remote attackers to inject arbitrary web script or HTML. Documents in the connected set con...

4.3CVSS5.9AI score0.01633EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2012/11/17 9:0 p.m.58 views

CVE-2012-5900

SAMEDIA LandShop 0.9.2 is affected by multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. The issues arise via three input vectors: (1) OB_ID in admin/action/objects.php, (2) AREA_ID in admin/action/areas.php, and (3) start in the show action to a...

7.5CVSS8.7AI score0.01278EPSS
Exploits1References7Affected Software1
UbuntuCve
UbuntuCve
added 2012/07/12 8:55 p.m.27 views

CVE-2012-3362

Cross-site request forgery CSRF vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action...

6.8CVSS5.9AI score0.00888EPSS
Exploits1References1
CVE
CVE
added 2012/07/12 8:0 p.m.62 views

CVE-2012-3362

CVE-2012-3362 describes a Cross-site request forgery (CSRF) in eXtplorer up to version 2.1 RC3 and earlier. An attacker could hijack administrator authentication to perform actions—specifically, to add an administrator account via an adduser admin action. Affected software is eXtplorer; root caus...

6.8CVSS7AI score0.00888EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2009/10/09 12:0 a.m.46 views

QuickCart Multiple vlunerabilities

DISCOVERED: Pawel 'kl3ryk' Laskarzewski GREETZ: hawk, pin3ska, black ant, qwert666, ua and gacmaan DIRECTORY TRAVERSAL http://victim.com/?p=ONE OF THE EXISITING FILES-EXISITING ACTION IN THIS FILE- Most of actions load templates form bad directory and then throw an exception. example:...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/10/08 12:0 a.m.26 views

QuickCart 3.x - Cross-Site Scripting / Cross-Site Request Forgery / Local File Inclusion / Directory Traversal

DISCOVERED: Paweł 'kl3ryk' Łaskarzewski GREETZ: hawk, pin3ska, black ant, qwert666, ua and gacmaan DIRECTORY TRAVERSAL http://victim.com/?p=ONE OF THE EXISITING FILES-EXISITING ACTION IN THIS FILE- Most of actions load templates form bad directory and then throw an exception. example:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2009/10/08 12:0 a.m.31 views

QuickCart 3.x xss xsrf Local File Inclusion Directory Traversal

No description provided by source. DISCOVERED: Paweł 'kl3ryk' Łaskarzewski GREETZ: hawk, pin3ska, black ant, qwert666, ua and gacmaan DIRECTORY TRAVERSAL http://victim.com/?p=ONE OF THE EXISITING FILES-EXISITING ACTION IN THIS FILE- Most of actions load templates form bad directory and then thr...

7.1AI score
Exploits0
NVD
NVD
added 2009/09/18 8:30 p.m.15 views

CVE-2009-3255

SQL injection vulnerability in RASH Quote Management System RQMS 1.2.2 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI...

6.8CVSS8.4AI score0.01127EPSS
Exploits1References5
Prion
Prion
added 2009/09/08 10:30 a.m.22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Lightweight news portal LNP 1.0b allow remote attackers to inject arbitrary web script or HTML via the 1 photo parameter to showphoto.php, 2 potd parameter to showpotd.php, or 3 the Current question field in a vote action to admin.php...

4.3CVSS6AI score0.01445EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder