Lucene search
K

1577 matches found

WPVulnDB
WPVulnDB
added 2014/12/02 12:0 a.m.21 views

Ninja Forms <= 2.8.9 - Unspecified Issue Affecting Admin Users

This version includes a fix for a potential security vulnerability for admin users...

7.5CVSS4.1AI score0.02017EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2014/12/01 12:0 a.m.40 views

1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting

SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2014-3809 Product: 1830 Photonic Service Switch PSS-32/16/4 Vendor: Alcatel-Lucent Subject: Reflected Cross-site Scripting - XSS Effect: Remotely exploitable Author: Stephan Rickauer stephan.rickauer at swisscom.com Date:...

4.1CVSS0.1AI score0.00906EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2014/11/03 8:47 a.m.3 views

openstack-keystone: configuration data information leak through Keystone catalog

A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...

4CVSS5.7AI score0.02109EPSS
Exploits1References4
OSV
OSV
added 2014/10/31 3:55 p.m.2 views

DEBIAN-CVE-2014-3475

Cross-site scripting XSS vulnerability in the Users panel admin/users/ in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...

3.5CVSS5.7AI score0.01235EPSS
Exploits0References1
Prion
Prion
added 2014/10/23 2:55 p.m.22 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form...

6.8CVSS7.5AI score0.01062EPSS
Exploits2References3Affected Software1
RedHat Linux
RedHat Linux
added 2014/07/24 5:21 p.m.4 views

openstack-horizon: multiple XSS flaws

A cross-site scripting XSS flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. CVE-2014-3473 It was found that network names were not sanitized. A malicious user could use this flaw to...

4.3CVSS5.6AI score0.01917EPSS
Exploits1References4
OSV
OSV
added 2014/07/09 12:0 a.m.6 views

UBUNTU-CVE-2014-3475

Cross-site scripting XSS vulnerability in the Users panel admin/users/ in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...

3.5CVSS5.9AI score0.01235EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.30 views

Lynx Message Server Multiple Vulnerabilities

No description provided by source. 1. Summary The Micro Technology Services Inc. Lynx Message Server 7.11.10.2 and/or LynxTCPService version 1.1.62 web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a Facility wide Duress and...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

NetArtMedia Jobs Portal 1.3 - Multiple SQL Injection Vulnerabilities

No description provided by source. !R4Q!4N H4CK3R NetArtMedia Jobs Portal 1.3 Multiple Sql Injection Vulnerabilities Website : http://www.netartmedia.net Founded By : Encrypt3d.M!nd Home Page : http://encrypt3d.blogspot.com Remote Sql Injections : Affected Files : index.php PoC:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.34 views

CMS Ignition SQL Injection Exploit

No description provided by source. |------------------------------------------------| | neavorc@gmaildotcom | ================================================== + SQL Injection Vulnerability + Dorks: allinurl:shop.htm?shopMGID= + Bug in shop.htm?shopMGID + Exploit:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Blog System 1.x (note) SQL Injection Vuln

No description provided by source. Script : Blog System Version : 1.x Link : http://netartmedia.net/blogsystem/ Dork : powered by Blog System Table : websiteadminadminusers Columns : id,username,password,type Exploit :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

phpCommunityCalendar <= 4.0.3 - Multiple (XSS/SQL) Vulnerabilities

No description provided by source. phpCommunityCalendar 4.0.3 Multiple Vulnerabilites author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : Calendar progr...

7.1AI score
Exploits0
Prion
Prion
added 2014/04/22 2:23 p.m.15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user...

6.8CVSS7.8AI score0.00612EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2014/04/14 12:0 a.m.8 views

WordPress Quick Page/Post Redirect Plugin 5.0.3 - Multiple Vulnerabilities

WordPress Quick Page/Post Redirect plugin is prone to multiple vulnerabilities, such as CSRF and XSS. Because of this vulnerabilities, an admin user can be persuaded to visit a URL of the attacker’s choosing, the attacker can insert arbitrary JavaScript into an admin page. In that way the admin's...

2.7AI score
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2014/01/15 12:0 a.m.13 views

PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities

PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities Pet Listing Script V1.0 - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2014/01/13 12:0 a.m.21 views

Appointment Scheduler 2.0 XSS / CSRF / File Disclosure

Appointment Scheduler V2.0 - Multiple Vulnerabilties ========================================================================= .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/appointment-scheduler/ .:. Tested On Demo ...

Exploits0
securityvulns
securityvulns
added 2013/07/15 12:0 a.m.121 views

[Full-disclosure] Magnolia CMS multiple access control vulnerabilities

Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...

1.9AI score0.01762EPSS
Exploits1
Prion
Prion
added 2013/06/24 4:55 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag...

4.3CVSS5.6AI score0.01148EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2013/02/21 12:0 a.m.29 views

Alt-N MDaemon WebAdmin Remote Code Execution

================================================================== Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability ================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: Remote Code...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/11/30 12:0 a.m.22 views

Fedora 18 : system-config-date-1.10.3-1.fc18 / system-config-nfs-1.4.1-1.fc18 (2012-17797)

This updates tightens policy so that only administrative users can make changes to the system as it was before using pkexec instead of consolehelper. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted ...

5.5AI score
Exploits0References2
Rows per page
Query Builder