319 matches found
CVE-2018-18723
An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5...
CVE-2018-17044
In YzmCMS 5.1, stored XSS exists via the admin/systemmanage/userconfigadd.html title parameter...
CVE-2018-14028
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...
VirtueMart 3.1.14 Cross Site Scripting
Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Date: 2018-02-25 Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the admin area...
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Date: 2018-02-25 Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the admin area...
Reservo Image Hosting Script 1.5 - Cross-Site Scripting
Reservo Image Hosting Script 1.5 - Cross-Site Scripting Exploit Title: Reservo Image Hosting Script 1.5 - Cross Site Scripting Date: 15-01-2018 Exploit Author: Dennis Veninga Contact Author: d.veninga at networking4all.com Vendor Homepage: reservo.co Version: 1.6 CVE-ID: CVE-2018-5705 With suppor...
Reservo Image Hosting Script 1.5 - Cross-Site Scripting
Exploit Title: Reservo Image Hosting Script 1.5 - Cross Site Scripting Date: 15-01-2018 Exploit Author: Dennis Veninga Contact Author: d.veninga at networking4all.com Vendor Homepage: reservo.co Version: 1.6 CVE-ID: CVE-2018-5705 With support for automatic thumbnails & image resizing in over 200...
PHP Scripts Mall Car Rental Script Cross-Site Scripting Vulnerability
PHP Scripts Mall Car Rental Script is an open source website script for cab booking owners and agents. A cross-site scripting vulnerability exists in PHP Scripts Mall Car Rental Script. The vulnerability can be exploited via the carid parameter in admin/areaedit.php or websitename parameter in...
CVE-2017-17907
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter...
Friends In War Make Or Break 1.7 SQL Injection / Login Bypass
x Type: Admin login bypass via SQLi x Vendor: http://software.friendsinwar.com/ x Script Name: Make or Break x Script Version: 1.7 x Script DL: http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 x Author: Anarchy Angel x Mail: anarchydotang31@gmaildotcom x More info:...
Shopify: Stored XSS in *.myshopify.com
Hello, First of all I noticed that this is out of scope "Any issue related to the storefront area being displayed in a element in the admin area, for example in the Theme Editor." This is not in the store front and this will be set in an XSS payload. 1. Go to https://YOUR...
KV Site Admin CMS 3.0 SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title : KV Site Admin CMS 3.0 SQL injection Vulnerability Exploit Author : xBADGIRL21 Dork : e.World Technology Ltd. All rights reserved "Admin Area - Version 3.0" Version: 3.0 MyBlog: http://xbadgirl21.blogspot.com Tested on: BackBox...
sNews CMS 1.7.1 - Multiple Vulnerabilities
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent...
PivotX 2.3.11 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Reflected XSS Remote Exploitable: Yes Reported to vendor: 01/20/2016 Disclosed to public: 03/15/2016 Release...
AlegroCart 1.2.8 - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL Injection Remote Exploitable: Y...
AlegroCart 1.2.8 SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported ...
AlegroCart 1.2.8 - Multiple SQL Injections
AlegroCart 1.2.8 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL...
AlegroCart 1.2.8 - Multiple SQL Injections
Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported ...
Pligg CMS 2.0.2 - Multiple SQL Injections
Pligg CMS 2.0.2 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: Pligg CMS 2.0.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pligg.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor:...