Lucene search
K

509 matches found

OSV
OSV
added 2017/10/23 5:29 p.m.23 views

CVE-2017-15808

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...

8.8CVSS7.2AI score0.01173EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2017/05/28 12:0 a.m.6 views

PT-2017-18807 · Andrzuk · Finecms

Name of the Vulnerable Software and Affected Versions: andrzuk/FineCMS versions prior to 2017-05-28 Description: The issue is related to a reflected XSS in the sitename parameter to the "admin.php" endpoint. Recommendations: For versions prior to 2017-05-28, as a temporary workaround, consider...

6.1CVSS6AI score0.00632EPSS
Exploits0References2
OSV
OSV
added 2016/07/03 1:59 a.m.3 views

CVE-2016-1441

Cisco Cloud Network Automation Provisioner CNAP 1.00 in Cisco Configuration Assistant CCA allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145...

8.2CVSS5.8AI score0.0112EPSS
Exploits0References2
OSV
OSV
added 2016/02/19 7:59 p.m.4 views

CVE-2016-1335

The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previous...

7.5CVSS5.8AI score0.03379EPSS
Exploits0References2
Atlassian
Atlassian
added 2009/09/09 5:2 a.m.17 views

admin gadget rest endpoint information leak

the admin rest endpoint can return admin-only information even if the end user is not an admin...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/09/09 5:2 a.m.13 views

admin gadget rest endpoint information leak

the admin rest endpoint can return admin-only information even if the end user is not an admin...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2009/09/09 5:2 a.m.17 views

admin gadget rest endpoint information leak

the admin rest endpoint can return admin-only information even if the end user is not an admin...

1.3AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2008/02/06 12:0 a.m.4 views

PT-2008-2242 · Dmssoftware · Dmsguestbook

Name of the Vulnerable Software and Affected Versions: DMSGuestbook version 1.7.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the "file" parameter to "wp-admin/admin.php", the "messagefield" parameter in the guestbook page, or th...

4.3CVSS6.5AI score0.02662EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2008/01/10 12:0 a.m.3 views

PT-2008-1843 · WordPress · Wp-Contactform

Name of the Vulnerable Software and Affected Versions: WP-ContactForm plugin for WordPress versions 1.5 alpha and earlier Description: The issue concerns multiple cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow remote attackers to perform actions as administrators. Th...

4.3CVSS6.9AI score0.01273EPSS
Exploits1References8
Rows per page
Query Builder