Lucene search
+L

51 matches found

Prion
Prion
added 2019/11/13 3:15 p.m.15 views

Design/Logic Flaw

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...

8.5CVSS8.9AI score0.05436EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2019/08/22 7:15 p.m.5 views

CVE-2019-12385

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches even guest users can dump any data contained in the database sessions, hashed passwords, etc.. This may lead to a full compromise of...

8.8CVSS7.3AI score0.01634EPSS
Exploits1References2
CVE
CVE
added 2019/08/22 6:19 p.m.66 views

CVE-2019-12385

CVE-2019-12385 affects Ampache up to version 3.9.1. A SQL Injection in the search engine (lib/class/search.class.php) allows any user performing searches (including guests) to dump data from the database (sessions, hashed passwords, etc.), which can lead to full admin compromise when combined wit...

8.8CVSS8.7AI score0.01634EPSS
Exploits1References2Affected Software1
Malwarebytes
Malwarebytes
added 2019/04/29 3:54 p.m.59 views

Wall Street Market reported to have exit scammed

Around April 20, many users reported that Wall Street Market, a broadly known dark net market, had executed an exit scam, and that any pending orders were unlikely to be completed. Scamming with enterprises involving Bitcoin is not unheard of, and dark net markets with centralized escrow are...

0.7AI score
Exploits0
OSV
OSV
added 2018/03/13 3:29 p.m.14 views

CVE-2018-1000084

WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...

5.4CVSS5.6AI score
Exploits0References1
OSV
OSV
added 2017/11/20 8:29 p.m.0 views

DEBIAN-CVE-2017-16908

In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed...

5.4CVSS6.2AI score0.01752EPSS
Exploits1References1
OSV
OSV
added 2017/11/20 8:29 p.m.2 views

UBUNTU-CVE-2017-16908

In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed...

5.4CVSS6.6AI score0.01752EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2012/08/19 12:0 a.m.42 views

ocPortal CMS 8.x Session Hijacking

OVERVIEW ocPoral CMS 8.x and lower versions are vulnerable to Session Hijacking flaw which could allow attackers to compromise administrator session. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2008/10/15 12:0 a.m.19 views

Nuked-klaN <= 1.7.7 / <= SP4.4 Multiple Vulnerabilities Exploit

No description provided by source. ?php Name: Nuked-klaN = 1.7.7 and = SP4.4 Multiples Vulnerabilities Exploit Credits: Charles FOL charlesfolathotmail.fr URL: http://real.o-n.fr/ Date: 14/10/2008 Special thanks to Louis for remembering me I had to finish it = VULNERABILITY DETAILS...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2005/08/14 12:0 a.m.19 views

javamailAPI.txt

Javamail Multiple Information Disclosure Vulnerabilities May 25, 2005 Yangon, Myanmar. Vulnerable Systems: JavaMail API 1.3 JavaMail API 1.2 JavaMail API 1.1.3 Tested on Apache Tomcat/5.0.16 Possibly on all versions of Windows Failed to restrict to accessing other directory and files in...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/05/25 12:0 a.m.30 views

Javamail Multiple Information Disclosure Vulnerabilities

Javamail Multiple Information Disclosure Vulnerabilities May 25, 2005 Yangon, Myanmar. Vulnerable Systems: JavaMail API 1.3 JavaMail API 1.2 JavaMail API 1.1.3 Tested on Apache Tomcat/5.0.16 Possibly on all versions of Windows Failed to restrict to accessing other directory and files in...

0.1AI score
Exploits0
Rows per page
Query Builder