Lucene search

1593 matches found

Cvelist
added 2015/08/22 9:0 p.m. | 14 views

CVE-2015-2982

Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php...

5.4 AI score | 0.00322 EPSS
Exploits 0 | References 3
CVE
added 2015/08/22 9:0 p.m. | 38 views

CVE-2015-2982

Summary (CVE-2015-2982): The PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone (Free) versions 1.0.1 and earlier is affected by a cross-site scripting (XSS) vulnerability in the jquery.lightbox-0.5.min.js path, caused by inadequate input filtering in admin.php. A remote authenticat...

4.3 CVSS | 5.5 AI score | 0.00322 EPSS
Exploits 0 | References 3 | Affected Software 1
Japan Vulnerability Notes
added 2015/08/12 6:13 a.m. | 1 views

Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting

Overview: Photo Gallery CMS for PC, smartphone and feature phone (Free) provided by PHP Kobo contains a cross-site scripting (CWE-79) vulnerability in admin.php. Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

4.3 CVSS | 6.1 AI score | 0.00322 EPSS
Exploits 0 | References 5
0day.today
added 2015/07/27 12:0 a.m. | 32 views

WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities

WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities. Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Submitter: Nitin Venkatesh Product: Unite Gallery Lit...

8.2 AI score
Exploits 0
Prion
added 2015/07/24 4:59 p.m. | 8 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the uscesreferer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php,...

4.3 CVSS | 6.2 AI score | 0.00435 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2015/07/24 4:0 p.m. | 14 views

CVE-2015-2973

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the uscesreferer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php,...

5.9 AI score | 0.00435 EPSS
Exploits 0 | References 5
Japan Vulnerability Notes
added 2015/07/24 5:52 a.m. | 1 views

Welcart vulnerable to SQL injection

Overview: Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a SQL injection (CWE-89) vulnerability due to the processing of changeSort parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

7.5 CVSS | 7.4 AI score | 0.00422 EPSS
Exploits 1 | References 9
Japan Vulnerability Notes
added 2015/07/24 12:0 a.m. | 23 views

JVN#97971874: Welcart vulnerable to cross-site scripting

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting (CWE-79) vulnerability due to the processing of uscesreferer parameter in admin.php. Impact: If a user views a malicious page while logged into WordPress with this plugin...

4.3 CVSS | 5.8 AI score | 0.00435 EPSS
Exploits 0
Japan Vulnerability Notes
added 2015/07/24 12:0 a.m. | 22 views

JVN#92828286: Welcart vulnerable to SQL injection

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a SQL injection (CWE-89) vulnerability due to the processing of changeSort parameter in admin.php. Impact: An attacker that can log in to WordPress with this plugin enabled may obtain or alter...

7.5 CVSS | 6.7 AI score | 0.00422 EPSS
Exploits 1
NVD
added 2015/05/27 6:59 p.m. | 12 views

CVE-2015-4063

Cross-site scripting (XSS) vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php...

3.5 CVSS | 5.3 AI score | 0.01055 EPSS
Exploits 6 | References 4
Patchstack
added 2015/05/15 12:0 a.m. | 12 views

WordPress LeagueManager Plugin <= 3.7 - Cross Site Scripting

This plugin is prone to a wp-admin/admin.php multiple parameter cross site scripting vulnerability. Solution: Update the plugin...

2 AI score
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2015/05/15 12:0 a.m. | 13 views

WordPress Download Manager Plugin <= 2.2.2 - XSS

This plugin is prone to an admin.php cid parameter cross site scripting vulnerability. Solution: Update the plugin...

2.1 AI score
Exploits 0 | References 2 | Affected Software 1
Prion
added 2015/05/14 2:59 p.m. | 18 views

Directory traversal

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcpboxpath parameter in the checkouteditorsettings page to...

4 CVSS | 7 AI score | 0.144 EPSS
Exploits 6 | References 7 | Affected Software 1
CVE
added 2015/04/14 2:0 p.m. | 47 views

CVE-2014-9311

CVE-2014-9311 affects the WordPress Shareaholic plugin prior to version 7.6.1.0. The vulnerability is a cross-site scripting (XSS) flaw in admin.php where authenticated users can inject arbitrary script/HTML via the location[id] parameter in the shareaholic_add_location action to wp-admin/admin-a...

3.5 CVSS | 5.4 AI score | 0.00374 EPSS
Exploits 5 | References 3 | Affected Software 1
exploitpack
added 2015/04/14 12:0 a.m. | 23 views

WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery Cross-Site Scripting Vulnerabilities

WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery Cross-Site Scripting Vulnerabilities WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and...

0.3 AI score
Exploits 0
NVD
added 2015/04/05 1:59 a.m. | 13 views

CVE-2015-0950

Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter...

4.3 CVSS | 5.7 AI score | 0.00688 EPSS
Exploits 0 | References 2
Cvelist
added 2015/04/05 1:0 a.m. | 16 views

CVE-2015-0950

Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter...

5.7 AI score | 0.00688 EPSS
Exploits 0 | References 2
Packet Storm
added 2015/04/03 12:0 a.m. | 56 views

WordPress Simple Ads Manager 2.5.94 / 2.5.96 SQL Injection

Vulnerability title: Wordpress plugin Simple Ads Manager - Multiple SQL Injection Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Download link: https://wordpress.org/plugins/simple-ads-manager/ CV...

7.5 CVSS | 0.5 AI score | 0.11773 EPSS
Exploits 6
0day.today
added 2015/04/02 12:0 a.m. | 60 views

Wordpress Simple Ads Manager Plugin - Multiple SQL Injection Vulnerability

Exploit for php platform in category web applications Vulnerability title: Wordpress plugin Simple Ads Manager - SQL Injection Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Download link:...

7.5 CVSS | 0.4 AI score | 0.11773 EPSS
Exploits 6
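seebug.org
added 2015/04/01 12:0 a.m. | 32 views

精讯CMS SQL injection (universal)

Brief description: A parsing error in the underlying model layer leads to widespread injection. This is a real injection that really can extract data. It is not stopped by the webscan.class.php added in the new version. Details: When looking for injection, the first thing to check is how SQL statements are handled. Whenever the jxcms model performs a database operation, whether -where or -find, it calls the checkOneWhere function in /jxcms/lib/core/db.class.php to assemble and filter the condition. private function checkOneWhere$str $tmp = pregreplace'/"|'.?\1/s', '', $str; $tmp = strtoupper$tmp; if...

7.1 AI score
Exploits 0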