Lucene search
K

509 matches found

Positive Technologies
Positive Technologies
added 2020/03/12 12:0 a.m.4 views

PT-2020-12113 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns how URIs are handled in admin/header.php, allowing for Reflected XSS in admin/report-article-printed.php. This can be achieved by adding a question mark ? followed...

4.8CVSS5.3AI score0.00733EPSS
Exploits3References4
Hacker One
Hacker One
added 2019/10/30 5:35 p.m.17 views

Mail.ru: unauthorized access to add admin endpoint

Access to static page within media-poll.mail.ru admin interface was not restricted. Access to static page does not grant attacker the ability to perform any actions or access any sensitive information...

3.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2019/09/26 12:0 a.m.6 views

PT-2019-7396 · WordPress · Dynamic Widgets

Name of the Vulnerable Software and Affected Versions: dynamic-widgets plugin versions prior to 1.5.11 Description: The issue concerns a CSRF with resultant XSS. It is exploitable via the "page limit" parameter in the "/wp-admin/themes.php?page=dynwid-config" API endpoint. Recommendations: For...

6.5CVSS6.9AI score0.00881EPSS
Exploits1References5
OSV
OSV
added 2019/09/23 3:15 a.m.3 views

CVE-2019-16702

Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI...

9.8CVSS7.9AI score0.10746EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2019/09/08 12:0 a.m.5 views

PT-2019-14523 · 10Web · 10Web Photo Gallery

Name of the Vulnerable Software and Affected Versions: 10Web Photo Gallery plugin versions prior to 1.5.35 Description: A SQL injection issue exists in the photo-gallery plugin for WordPress. The issue is exploitable via the album id parameter in the admin/controllers/Albumsgalleries.php file...

9.8CVSS9.6AI score0.25438EPSS
Exploits4References7
Positive Technologies
Positive Technologies
added 2019/08/08 12:0 a.m.4 views

PT-2019-13779 · WordPress · Import-Users-From-Csv-With-Meta

Name of the Vulnerable Software and Affected Versions: Import users from CSV with meta plugin versions prior to 1.14.2.2 Description: The issue allows for a CSRF attack via the "wp-admin/admin-ajax.php?action=acui delete attachment" API endpoint. This affects the "Import users from CSV with meta"...

5.7CVSS5.5AI score0.00679EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2019/08/06 12:0 a.m.4 views

PT-2019-13626 · Unknown · Schben Adive

Name of the Vulnerable Software and Affected Versions: Schben Adive version 2.0.7 Description: The issue allows remote unprivileged users, such as editors or developers, to create an administrator account. This can be achieved via the admin/user/add endpoint, as demonstrated by a Python...

8.8CVSS8.6AI score0.09313EPSS
Exploits5References6
CNVD
CNVD
added 2019/07/05 12:0 a.m.4 views

JetBrains YouTrack Cross-Site Request Forgery Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A cross-site request forgery vulnerability exists in the admin endpoint in JetBrains YouTrac...

8.8CVSS6.9AI score0.00751EPSS
Exploits0References1
OSV
OSV
added 2019/07/03 7:15 p.m.3 views

CVE-2019-12851

A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852...

8.8CVSS7.3AI score0.00751EPSS
Exploits0References1
NVD
NVD
added 2019/07/03 7:15 p.m.17 views

CVE-2019-12851

A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852...

8.8CVSS8.2AI score0.00751EPSS
Exploits0References1
Prion
Prion
added 2019/07/03 7:15 p.m.18 views

Cross site request forgery (csrf)

A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852...

6.8CVSS8.6AI score0.00751EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/07/03 6:18 p.m.230 views

CVE-2019-12851

CVE-2019-12851 describes a cross-site request forgery (CSRF) vulnerability in an admin endpoint of JetBrains YouTrack. Multiple connected sources corroborate a CSRF issue that could affect YouTrack installations and was remediated by a fix in YouTrack 2018.4.49852. The NVD/NVD-derived metrics ind...

8.8CVSS8.6AI score0.00751EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/04/26 12:0 a.m.7 views

PT-2019-12378 · Webdorado · Webdorado Contact Form Builder

Name of the Vulnerable Software and Affected Versions: WebDorado Contact Form Builder plugin versions prior to 1.0.69 Description: The issue allows for CSRF via the "wp-admin/admin-ajax.php" API endpoint, specifically through the action parameter, which can lead to local file inclusion via...

8.8CVSS8.3AI score0.01058EPSS
Exploits1References6
CNVD
CNVD
added 2019/03/07 12:0 a.m.3 views

OFCMS background editUploadImage file upload vulnerability

OFCMS is a content management system based on Java technology. A backend editUploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account file.jsp::$DATA of the...

8.8CVSS7.6AI score0.02695EPSS
Exploits1References1
OSV
OSV
added 2019/03/06 10:29 p.m.3 views

CVE-2019-9613

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadVideo URI...

7.2CVSS7.3AI score0.02708EPSS
Exploits1References1
OSV
OSV
added 2019/01/31 7:29 p.m.1 views

CVE-2018-19043

The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming specifying a "from" and "to" filename via a ../ directory traversal in the dir parameter of an mrelocatorrename action to the wp-admin/admin-ajax.php URI...

5.3CVSS5.9AI score0.10005EPSS
Exploits2References1
OSV
OSV
added 2019/01/11 5:29 a.m.5 views

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...

7.2CVSS7.4AI score0.01506EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/11/05 12:0 a.m.2 views

PT-2018-2679 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through 0.9.8.740 Description: The issue is related to insufficient authentication of requests, allowing for the execution of arbitrary OS commands. This can be exploited by a remote attacker to execute commands. The...

10CVSS8.8AI score0.0348EPSS
Exploits6References7
Positive Technologies
Positive Technologies
added 2018/10/18 12:0 a.m.7 views

PT-2018-14475 · WordPress · Wp-Live-Chat-Support

Name of the Vulnerable Software and Affected Versions: wp-live-chat-support version 8.0.15 Description: A security issue exists in the wp-live-chat-support plugin for WordPress. The problem is related to the term parameter in the "modules/gdpr.php" file. This issue can be exploited through a...

6.1CVSS6.1AI score0.01022EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2018/02/25 12:0 a.m.9 views

PT-2018-18092 · Finecms · Finecms

Name of the Vulnerable Software and Affected Versions: FineCms version 5.3.0 Description: The issue concerns a Cross Site Scripting XSS problem. It occurs via the id or lid parameter in a "c=linkage,m=import" request to "admin.php". The xss clean protection mechanism is bypassed by specially...

6.1CVSS5.9AI score0.0085EPSS
Exploits0References3
Rows per page
Query Builder