Lucene search
+L

55 matches found

Metasploit
Metasploit
added 2018/11/19 2:28 a.m.83 views

php imap_open Remote Code Execution

The imapopen function within php, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imapopen to execute arbitrary commands. While many custom...

7.5CVSS0.1AI score0.9523EPSS
Exploits6
NVD
NVD
added 2018/11/15 6:29 a.m.17 views

CVE-2018-19291

An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI...

6.5CVSS6.5AI score0.00651EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/15 12:0 a.m.8 views

DiliCMS Cross-Site Request Forgery Vulnerability

DiliCMS is a rapid development content management system based on CodeIgniter. DiliCMS 2.4.0 suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to delete a user or group via the admin/index.php/user/del/1 or admin/index.php/role/del/2 URIs...

6.5CVSS6.9AI score0.00651EPSS
Exploits1References1
NVD
NVD
added 2018/10/29 12:29 p.m.14 views

CVE-2018-18740

An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMSLink.php?lgid=1 URI...

4.8CVSS4.9AI score0.00534EPSS
Exploits1References1
Prion
Prion
added 2018/10/29 12:29 p.m.16 views

Cross site request forgery (csrf)

A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMSUser.php?Class=add&CF=user URI...

6.8CVSS8.6AI score0.00523EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/28 3:0 a.m.23 views

CVE-2018-18744

An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMSMain.php URI...

4.9AI score0.00534EPSS
Exploits1References1
NVD
NVD
added 2018/08/06 3:29 p.m.16 views

CVE-2018-14963

zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI...

8.8CVSS8.8AI score0.0065EPSS
Exploits1References1
Prion
Prion
added 2018/06/22 3:29 p.m.17 views

Cross site scripting

Reflected Cross-Site Scripting XSS exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI...

4.3CVSS6AI score0.00865EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/06/13 11:29 a.m.17 views

CVE-2018-12263

portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI...

8.8CVSS8.8AI score0.01084EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/13 11:0 a.m.17 views

CVE-2018-12263

portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI...

8.8AI score0.01084EPSS
Exploits0References1
CVE
CVE
added 2018/06/13 11:0 a.m.46 views

CVE-2018-12263

The CVE-2018-12263 entry affects portfolioCMS 1.0.5, with a vulnerability in the admin/portfolio.php?newpage=true URI that allows uploading arbitrary .php files. The connected CNVD/NVD/OSV records confirm this behavior, citing a file-upload vulnerability in portfolioCMS 1.0.5. The underlying root...

8.8CVSS8.7AI score0.01084EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/05/15 1:0 a.m.45 views

CVE-2018-11098

CVE-2018-11098 affects Frog CMS 0.9.5. A file-upload vulnerability exists at the admin/?/plugin/file_manager/upload URI, described as a vulnerability similar to CVE-2014-4912. Connected documents reiterate an arbitrary file-upload issue in Frog CMS 0.9.5. No explicit patch/version remediation is ...

7.2CVSS8.2AI score0.01417EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/04/16 9:58 a.m.15 views

CVE-2018-10118

Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php...

4.8CVSS5AI score
Exploits0References2
Cvelist
Cvelist
added 2018/04/15 12:0 p.m.23 views

CVE-2018-10118

Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php...

5.7AI score0.02898EPSS
Exploits2References2
NVD
NVD
added 2007/05/16 10:19 a.m.17 views

CVE-2007-2713

ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI...

10CVSS6.6AI score0.02659EPSS
Exploits0References7
Rows per page
Query Builder