Lucene search
+L

170 matches found

debiancve
debiancve
added 2019/03/25 5:47 p.m.27 views

CVE-2019-3827

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...

7CVSS7.4AI score0.00368EPSS
Exploits0
cnvd
cnvd
added 2019/03/04 12:0 a.m.5 views

DhCms Cross-Site Scripting Vulnerability

DhCms Dinghua Cloud CMS is a content management system based on PHP and MySQL. A cross-site scripting vulnerability exists in the admin.php?r=admin/Index/index backend in DhCms 2017-09-18 and earlier versions. A remote attacker can exploit this vulnerability to obtain cookie information...

4.8CVSS6.3AI score0.0064EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2019/02/11 12:0 a.m.21 views

CVE-2019-3827

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...

7CVSS6.9AI score0.00368EPSS
Exploits0References4
cnvd
cnvd
added 2019/01/11 12:0 a.m.1 views

Code Execution Vulnerability in Knight CMS Admin Backend

74cms Knight CMS is a PHP-based open source professional talent system. Knight CMS management background code execution vulnerabilities, attackers can use the vulnerability to obtain control of the web server...

7.6AI score
Exploits0
openvas
openvas
added 2018/09/11 12:0 a.m.38 views

phpMyFAQ <= 2.9.10 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...

8.8CVSS8.5AI score0.00497EPSS
Exploits0References1
nvd
nvd
added 2018/09/07 5:29 a.m.19 views

CVE-2018-16651

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...

9CVSS7.1AI score0.01374EPSS
Exploits0References1
prion
prion
added 2018/09/07 5:29 a.m.19 views

Design/Logic Flaw

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...

9CVSS7.1AI score0.01374EPSS
Exploits0References1Affected Software1
cve
cve
added 2018/09/07 5:0 a.m.48 views

CVE-2018-16651

The CVE-2018-16651 entry applies to phpMyFAQ (admin backend) before version 2.9.11, where CSV injection in reports is possible due to insufficient sanitization of report content. The vulnerability is reflected with a HIGH CVSS score (3.0: 7.2; 2.0: 9.0) and can impact multiple CIA aspects as defi...

9CVSS7.3AI score0.01374EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2018/09/07 5:0 a.m.23 views

CVE-2018-16651

The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports...

7.6AI score0.01374EPSS
Exploits0References1
cnvd
cnvd
added 2018/09/07 12:0 a.m.6 views

phpMyFAQ Cross-Site Request Forgery Vulnerability (CNVD-2019-07200)

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...

8.8CVSS8.7AI score0.00497EPSS
Exploits0References1
cnvd
cnvd
added 2018/09/07 12:0 a.m.6 views

phpMyFAQ CSV Injection Vulnerability

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A CSV injection vulnerability exists in the admin...

9CVSS7.4AI score0.01374EPSS
Exploits0References1
cnvd
cnvd
added 2017/12/28 12:0 a.m.4 views

Override Access Vulnerability in SiteServer CMS Administration Backend

SiteServer CMS is a web content management system developed by Beijing Billion Software Technology Development Co. A vulnerability exists in the management background of SiteServer CMS. The vulnerability is due to the background access control using JWT technology for identity authentication, HTT...

6.9AI score
Exploits0
cnvd
cnvd
added 2017/08/03 12:0 a.m.2 views

javapms admin backend template injection code execution vulnerability

JAVAPMS is a JAVA Portal Management System JAVA Portal Management System for short, SpringMVC + Spring + Hibernate + Freemarker + Html5 + jQuery for the technical core architecture, for the majority of webmasters, software developers, program enthusiasts, web page designers, for individual...

7.7AI score
Exploits0
cnvd
cnvd
added 2017/07/03 12:0 a.m.3 views

Piwigo SQL Injection Vulnerability

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. A SQL injection vulnerability exists in the administrative backend of Piwigo 2.9.1 and previous versions. A remote attack...

9.8CVSS8.7AI score0.08239EPSS
Exploits5References1
seebug
seebug
added 2017/03/31 12:0 a.m.53 views

DedeCMS stored xss vulnerability

Vulnerability description: Dedecms is an open source PHP open source website management system. Dedecms member function shopsdelivery. in php des parameters there is stored XSS vulnerability, the attacker may exploit the vulnerability to obtain the users cookie. Test environment: DedeCMS-V5...

6.5AI score
Exploits0
zdt
zdt
added 2016/09/08 12:0 a.m.29 views

Jobberbase 2.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Jobberbase: http://www.jobberbase.com/ Version: 2.0 By Ross Marks: http://www.rossmarks.co.uk 1 Local path disclosure - change any variable to an array and in most cases it will tell you the local path where the application is installed eg...

7.1AI score
Exploits0
cnvd
cnvd
added 2016/05/21 12:0 a.m.4 views

Reflective XSS Vulnerability in EasyCMS Enterprise Marketing Management System Administration Backend

EasyCMS is a web content management system based on PHP+Mysql architecture. A reflective XSS vulnerability exists in the administration backend of the EasyCMS enterprise marketing management system, which can be exploited by an attacker to submit data with js code on the personal information page...

6.3AI score
Exploits0
packetstorm
packetstorm
added 2015/10/06 12:0 a.m.39 views

Liferay Portal 6.2 EE SP13 Cross Site Scripting

Hey guys, during a penatrationtest I have found an unknown persistent xss in liferay portal backend. General Information Manufacture description: Liferay Portal is an enterprise-web-platform for the development of business solutions, which provides quick results and long-term values. Details ·...

7.4AI score
Exploits0
cvelist
cvelist
added 2015/03/18 2:0 p.m.22 views

CVE-2015-2149

Multiple cross-site scripting XSS vulnerabilities in the administrative backend in MyBB aka MyBulletinBoard before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the 1 MIME-type field in an add action in the config-attachmenttypes module to admin/index.php; 2...

5.4AI score0.01629EPSS
Exploits1References7
cve
cve
added 2015/03/10 2:0 p.m.44 views

CVE-2015-2183

ZeusCart 4 (open source PHP/MySQL e‑commerce) is affected by multiple SQL injection vulnerabilities in the administrative backend. The flaws allow remote administrators to inject arbitrary SQL via the id parameter in disporders detail or subadminmgt edit actions, or via the cid parameter in editc...

7.5CVSS8.7AI score0.03531EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder